August 2010 - Microsoft Releases 14 Security Advisories

  Severity: CRITICAL
  Advisory Date: AUG 10, 2010

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS10-046) Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

    Risk Rating: Critical

    This security update addresses a publicly disclosed vulnerability in Windows Shell, which may allow remote code execution once icon of a specially crafted shortcut is displayed. Read more here.


  • (MS10-047) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)

    Risk Rating: Important

    This security update addresses several privately reported vulnerabilities in Microsoft Windows. The most serious of these may allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An unauthorized user must have valid logon credentials and must be logged on locally for exploit to be successful. The vulnerabilities could not be exploited remotely or by anonymous users. Read more here.


  • (MS10-048) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)

    Risk Rating: Important

    This update addresses one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most serious of these may allow elevation of privilege if an unauthorized user logs on to an affected system and runs a specific malicious application. Read more here.


  • (MS10-049) Vulnerabilities in SChannel could allow Remote Code Execution (980436)

    Risk Rating: Critical

    This security update resolves a publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. Read more here.


  • (MS10-050) Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)

    Risk Rating: Important

    This security update addresses a privately reported vulnerability in Windows Movie Maker, which may allow remote code execution if an attacker convinces a user to open a specially crafted Movie Maker sent. Read more here.


  • (MS10-051) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)

    Risk Rating: Critical

    This security update addresses a privately reported vulnerability in Microsoft XML Core Services, which could allow remote code execution if a user viewed a specially crafted Web page via Internet Explorer. Read more here.


  • (MS10-052) Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)

    Risk Rating: Critical

    This security update addresses a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. Read more here.


  • (MS10-053) Cumulative Security Update for Internet Explorer (2183461)

    Risk Rating: Critical

    This security update resolves six vulnerabilities in Internet Explorer that were reported privately. The most serious vulnerabilities may allow remote code execution if a user views a specially crafted Web site via Internet Explorer. Read more here.


  • (MS10-054) Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)

    Risk Rating: Critical

    This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most serious of these may allow remote code execution if an attacker made a spefically crafted SMB packet and sent it to an affected system. Read more here.


  • (MS10-055) Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)

    Risk Rating: Critical

    This security update resolves a privately reported vulnerability in Cinepak Codec, which may allow remote code execution if a user opens a specific media file or receives specially crafted streaming content from a Web site or any application that provides Web content. Read more here.


  • (MS10-056) Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)

    Risk Rating: Critical

    This security update addresses four Microsoft Office vulnerabilities that could allow remote code execution once a user opens a specially crafted .RTF email message. Read more here.


  • (MS10-057) Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)

    Risk Rating: Important

    This security update addresses the Microsoft Office vulnerability that could allow remote code execution whenever a user opens a specially crafted Excel file. Read more here.


  • (MS10-058) Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)

    Risk Rating: Important

    This security update addresses vulnerabilities in Microsoft Windows due to an error in processing buffer overflow. Read more here.


  • (MS10-059) Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)

    Risk Rating: Important

    This security update addresses vulnerabilities in the the Tracing Feature for Services that could allow increase in privilege once an attacker runs a specially crafted application. Read more here.


  • (MS10-060) Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

    Risk Rating: Critical

    This security update addresses two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. Read more here.