It’s a busy month in the patching space, as we have 16 new security bulletins addressing 49 vulnerabilities, which I believe is a record. Even though we have a lot of updates this month, it’s actually a good thing because it demonstrates our commitment to providing a predictable system for updates and high-quality updates. So make sure you take a look at these updates and apply them where needed in your environments.
New Security Bulletins
| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
| --- | --- | --- | --- | --- | --- |
| MS10-071 | Cumulative Security Update for Internet Explorer | Critical | Remote Code Execution | Requires restart | Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-072 | Vulnerabilities in SafeHTML Could Allow Information Disclosure | Important | Information Disclosure | May require restart | Microsoft Windows SharePoint Services 3.0, SharePoint Foundation 2010, Office SharePoint Server 2007, Groove Server 2010, and Office Web Apps. |
| MS10-073 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | | Elevation of Privilege | | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-074 | Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution | Moderate | | | |
| MS10-075 | Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution | | | | Microsoft Windows Vista and Windows 7. |
| MS10-076 | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution | | | | |
| MS10-077 | Vulnerability in .NET Framework Could Allow Remote Code Execution | | | | |
| MS10-078 | Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege | | | | Microsoft Windows XP and Windows Server 2003. |
| MS10-079 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution | | | | Microsoft Office Word 2002, Word 2003, Word 2007, Word 2010, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Word Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office Web Apps, and Word Web App. |
| MS10-080 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution | | | | Microsoft Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. |
| MS10-081 | Vulnerability in Windows Common Control Library Could Allow Remote Code Execution | | | | |
| MS10-082 | Vulnerability in Windows Media Player Could Allow Remote Code Execution | | | | |
| MS10-083 | Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution | | | | |
| MS10-084 | Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege | | | | |
| MS10-085 | Vulnerability in SChannel Could Allow Denial of Service | | Denial of Service | | Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-086 | Vulnerability in Windows Shared Cluster Disks Could Allow Tampering | | Tampering | | Microsoft Windows Server 2008 R2. |
* The list of affected software above is an abstract. To see the full list of affected components please visit the bulletin at the link provided in the left column and review the "Affected Software" section.
If you want summaries of these bulletins you can get them here. For more detailed information just click the bulletin ID above for each one.
For more resources make sure you check out the Microsoft Security Response Center Blog. They have resources on these updates plus a bunch of other details as well.
Happy Updating everyone!
Jeffa