It’s a busy month in the patching space, as we have 16 new security bulletins addressing 49 vulnerabilities, which I believe is a record. Even though we have a lot of updates this month, it’s actually a good thing because it demonstrates our commitment to providing a predictable system for updates and high-quality updates. So make sure you take a look at these updates and apply them where needed in your environments.

New Security Bulletins

| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
| --- | --- | --- | --- | --- | --- |
| MS10-071 | Cumulative Security Update for Internet Explorer | Critical | Remote Code Execution | Requires restart | Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-072 | Vulnerabilities in SafeHTML Could Allow Information Disclosure | Important | Information Disclosure | May require restart | Microsoft Windows SharePoint Services 3.0, SharePoint Foundation 2010, Office SharePoint Server 2007, Groove Server 2010, and Office Web Apps. |
| MS10-073 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-074 | Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution | Moderate | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-075 | Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution | Critical | Remote Code Execution | May require restart | Microsoft Windows Vista and Windows 7. |
| MS10-076 | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-077 | Vulnerability in .NET Framework Could Allow Remote Code Execution | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-078 | Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP and Windows Server 2003. |
| MS10-079 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution | Important | Remote Code Execution | May require restart | Microsoft Office Word 2002, Word 2003, Word 2007, Word 2010, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Word Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office Web Apps, and Word Web App. |
| MS10-080 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution | Important | Remote Code Execution | May require restart | Microsoft Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. |
| MS10-081 | Vulnerability in Windows Common Control Library Could Allow Remote Code Execution | Important | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-082 | Vulnerability in Windows Media Player Could Allow Remote Code Execution | Important | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-083 | Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution | Important | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-084 | Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP and Windows Server 2003. |
| MS10-085 | Vulnerability in SChannel Could Allow Denial of Service | Important | Denial of Service | Requires restart | Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-086 | Vulnerability in Windows Shared Cluster Disks Could Allow Tampering | Moderate | Tampering | Requires restart | Microsoft Windows Server 2008 R2. |

* The list of affected software above is an abstract. To see the full list of affected components please visit the bulletin at the link provided in the left column and review the "Affected Software" section.

If you want summaries of these bulletins you can get them here.  For more detailed information just click the bulletin ID above for each one.

For more resources make sure you check out the Microsoft Security Response Center Blog.  They have resources on these updates plus a bunch of other details as well.

Happy Updating everyone!

Jeffa