Today we have released 13 new security bulletins. Please see below for details of the updates, and make sure you apply them to your environments where necessary.
| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
| --- | --- | --- | --- | --- | --- |
| MS10-003 | Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution | Important | Remote Code Execution | May require restart | Microsoft Office XP, Office 2004 for Mac. |
| MS10-004 | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution | | | | Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac. |
| MS10-005 | Vulnerability in Microsoft Paint Could Allow Remote Code Execution | Moderate | | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-006 | Vulnerabilities in SMB Client Could Allow Remote Code Execution | Critical | | | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-007 | Vulnerability in Windows Shell Handler Could Allow Remote Code Execution | | | | |
| MS10-008 | Cumulative Security Update of ActiveX Kill Bits | | | | |
| MS10-009 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution | | | | Microsoft Windows Vista and Windows Server 2008. |
| MS10-010 | Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service | | Denial of Service | | Microsoft Windows Server 2008 and Windows Server 2008 R2. |
| MS10-011 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege | | Elevation of Privilege | | |
| MS10-012 | Vulnerabilities in SMB Server Could Allow Remote Code Execution | | | | |
| MS10-013 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution | | | | |
| MS10-014 | Vulnerability in Kerberos Could Allow Denial of Service | | | | Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008. |
| MS10-015 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | | | | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. |
If you would like a summary of the bulletins, please go here.
Microsoft Windows Malicious Software Removal Tool
We are also releasing a new version of the Windows Malicious Software Removal Tool. You can get more details here.
New Security Advisory
Also, as part of this month’s security bulletin release, we are releasing a new security advisory. More details below.
Identifier
Vulnerability in TLS/SSL Could Allow Spoofing (977377)
Summary
Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.
As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues.
As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround is not intended for wide implementation and should be tested extensively prior to implementation.
Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, depending on customer needs.
Recommendations
Review Microsoft Security Advisory 977377 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.
Additional Resources