securitybulletin

This month we 11 security bulletin releases for newly discovered vulnerabilities.  Please see the details below for all the information.

Bulletin ID

Bulletin Title

Max Severity Rating

Vulnerability Impact

Restart Requirement

Affected Software

MS10-019

Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

Critical

Remote Code Execution

Requires restart

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS10-020

Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)

Critical

Remote Code Execution

Requires restart

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS10-021

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

Important

Elevation of Privilege

Requires restart

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS10-022

Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)

Important

Remote Code Execution

May require restart

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

MS10-023

Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)

Important

Remote Code Execution

May require restart

Microsoft Office Publisher 2002, Publisher 2003, and Publisher 2007

MS10-024

Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)

Important

Denial of Service

Requires restart

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Exchange 2000 Server SP3, Exchange Server 2003 SP2, Exchange Server 2007, and Exchange Server 2010.

MS10-025

Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)

Critical

Remote Code Execution

Requires restart

Microsoft Windows 2000 Server

MS10-026

Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)

Critical

Remote Code Execution

May require restart

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

MS10-027

Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)

Critical

Remote Code Execution

May require restart

Microsoft Windows 2000 and Windows XP.

MS10-028

Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

Important

Remote Code Execution

May require restart

Microsoft Office Visio 2002, Visio 2003, and Visio 2007

MS10-029

Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)

Moderate

Spoofing

Requires restart

Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Microsoft Windows Malicious Software Removal Tool

We are also releasing an updated version of the Windows Malicious Software Removal Tool on Windows Update, Windows Server Update Services and the Download Centre.  More details can be found here.

I’ve said this many times on this blog and in many presentations I’ve done over the years.  Keep you systems up to date and you will minimize vulnerabilities in those systems.  The reason I post these security bulletins every month is to remind people of that fact.  Just the other day I heard of customer who hadn’t updated the virus definitions since 2008!  No wonder people have issues!  Patching is important and should be something you have in you PC and server maintenance schedule.  It just has to be done.  That’s all!


Jeffa