2010年 12 月:マイクロソフト 定例セキュリティ更新プログラム情報
2013年2月21日
危険度: : 緊急
情報公開日: 12 14, 2010
概要
Microsoft addresses the following vulnerabilities in its December batch of patches:
- (MS10-090) Cumulative Security Update for Internet Explorer (2416400)
Risk Rating: Critical
This security update resolves a total of seven vulnerabilities in Internet Explorer (IE). Of these vulnerabilities, the most severe flaws could allow remote users to remotely execute malicious codes on the affected system if a user views a specially crafted Web page via IE. Read more here. - (MS10-091) Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
Risk Rating: Critical
This security update resolves several vulnerabilities in the Windows Open Type Font (OTF) driver, which could allow remote users to execute code remotely on the affected system. Read more here. - (MS10-092) Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
Risk Rating: Important
This security update resolves a vulnerability in Windows Task Scheduler, which could allow elevation of privilege if an attacker is logged on to an affected system and runs a specially crafted application. Read more here. - (MS10-093) Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
Risk Rating: Important
This vulnerability resolves a vulnerability in Windows Movie Maker, which could allow remote users to execute code on the affected system. Read more here. - (MS10-094) Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
Risk Rating: Important
This update resolves a vulnerability in Windows Media Encoder, which could allow remote code execution if an attacker succeeds in convincing users to open a legitimate Windows Media Profile (.PRX) file that is located in the same network folder as a specially crafted library file. Read more here. - (MS10-095) Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
Risk Rating: Important
This update resolves a vulnerability in Microsoft Windows, which could allow remote code execution if users open certain files located in the same network folder as a specially crafted library file. Read more here. - (MS10-096) Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
Risk Rating: Important
This security update resolves a vulnerability in Windows Address Book, which could allow a remote user to execute code on the affected system. Read more here. - (MS10-097) Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
Risk Rating: Important
This update resolves a vulnerability in the Internet Connection Signup Wizard of Microsoft Windows, which could allow remote code execution. This exploit works if a user opens an .INS or .ISP file located in the same network folder as a specially crafted library file. Read more here. - (MS10-098) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
Risk Rating: Important
This update resolves vulnerabilities in Microsoft Windows, which could allow elevation of privilege. The exploit works if an attacker is logged on locally using valid logon credentials and runs a specially crafted application. Read more here. - (MS10-099) Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
Risk Rating: Important
This update resolves a vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows.This update resolves a vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. Read more here. - (MS10-100) Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
Risk Rating: Important
This update resolves a vulnerability in the Consent User Interface (UI), which could allow elevation of privilege. Read more here. - (MS10-101) Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
Risk Rating: Important
This update resolves a vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. Read more here. - (MS10-102) Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
Risk Rating: Important
This update resolves a vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. An attacker with valid logon credentials could exploit the vulnerability and allow denial of service. Read more here. - (MS10-103) Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
Risk Rating: Important
This update resolves vulnerabilities in Microsoft Publisher that could allow remote code execution. An attacker can exploit the vulnerability by opening a specially crafted Publisher file. Read more here. - (MS10-104) Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
Risk Rating: Important
This update resolves a vulnerability in Microsoft SharePoint, which could allow remote code execution. The vulnerability is exploited if an attacker sends a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. Read more here. - (MS10-105) Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
Risk Rating: Important
This update resolves vulnerabilities in Microsoft Office, which could allow remote code execution. When users view a specially crafted image file using Microsoft Office, an attacker could gain the same user rights as the local user. Read more here. - (MS10-106) Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
Risk Rating: Medium
This update resolves a vulnerability in Microsoft Exchange Server, which could allow denial of service on the affected system. Read more here.
トレンドマイクロの対策
マイクロソフトは、2010 年 12 月の定例セキュリティ更新プログラムをリリースし、以下の脆弱性に対応しています。
- MS10-090:Internet Explorer 用の累積的なセキュリティ更新プログラム (2416400)
危険度: 緊急
詳しくはこちら - MS10-091:OpenType フォント (OTF) ドライバーの脆弱性により、リモートでコードが実行される (2296199)
危険度: 緊急
詳しくはこちら - MS10-092:タスク スケジューラの脆弱性により、特権が昇格される (2305420)
危険度: 高
詳しくはこちら - MS10-093:Windows ムービー メーカーの脆弱性により、リモートでコードが実行される (2424434)
危険度: 高
詳しくはこちら - MS10-094:Windows Media エンコーダーの脆弱性により、リモートでコードが実行される (2447961)
危険度: 高
詳しくはこちら - MS10-095:Microsoft Windows の脆弱性により、リモートでコードが実行される (2385678)
危険度: 高
詳しくはこちら - MS10-096:Windows アドレス帳の脆弱性により、リモートでコードが実行される (2423089)
危険度: 高
詳しくはこちら - MS10-097:インターネット接続のサインアップ ウィザードの安全でないライブラリのロードにより、リモートでコードが実行される (2443105)
危険度: 高
詳しくはこちら - MS10-098:Windows カーネルモード ドライバーの脆弱性により、特権が昇格される (2436673)
危険度: 高
詳しくはこちら - MS10-099:ルーティングとリモート アクセスの脆弱性により、特権が昇格される (2440591)
危険度: 高
詳しくはこちら - MS10-100:承認 ユーザー インターフェイスの脆弱性により、特権が昇格される (2442962)
危険度: 高
詳しくはこちら - MS10-101:Windows Netlogon サービスの脆弱性により、サービス拒否が起こる (2207559)
危険度: 高
詳しくはこちら - MS10-102:Hyper-V の脆弱性により、サービス拒否が起こる (2345316)
危険度: 高
詳しくはこちら - MS10-103:Microsoft Publisher の脆弱性により、リモートでコードが実行される (2292970)
危険度: 高
詳しくはこちら - MS10-104:Microsoft SharePoint の脆弱性により、リモートでコードが実行される (2455005)
危険度: 高
詳しくはこちら - MS10-105:Microsoft Office グラフィック フィルターの脆弱性により、リモートでコードが実行される (968095)
危険度: 高
詳しくはこちら - MS10-106:Microsoft Exchange Server の脆弱性により、サービス拒否が起こる (2407132)
危険度: 中
詳しくはこちら
「Trend Micro 脆弱性対策オプション(ウイルスバスター コーポレートエディション プラグイン製品)」をご利用のユーザは、以下のフィルタ番号およびパターンバージョンによりこれらの脆弱性から保護されます。
Microsoft セキュリティ情報 ID | CVE識別番号 | フィルタ番号およびフィルタ名 | Deep Security パターンバージョン | Deep Security パターンリリース日 |
---|---|---|---|---|
MS10-090 | CVE-2010-3340 | 1004539 - HTML Object Memory Corruption Vulnerability | 10-038 | 2010年12月15日 |
MS10-090 | CVE-2010-3343 | 1004540 - Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | 10-038 | 2010年12月15日 |
MS10-090 | CVE-2010-3346 | 1004537 - HTML Element Memory Corruption | 10-038 | 2010年12月15日 |
MS10-090 | CVE-2010-3962 | 1004496 - Vulnerability in Internet Explorer Could Allow Remote Code Execution | 10-035 | 2010年11月10日 |
MS10-091 | CVE-2010-3957 | 1004541 - OpenType Font File CFF table Code Execution Vulnerability | 10-038 | 2010年12月15日 |
MS10-091 | CVE-2010-3959 | 1004538 - OpenType Font File CMAP Table Paring Vulnerability | 10-038 | 2010年12月15日 |
MS10-101 | CVE-2010-2742 | 1004542 - Windows Netlogon Service Denial Of Service | 10-038 | 2010年12月15日 |
MS10-103 | CVE-2010-2569 | 1004544 - Size Value Heap Corruption in pubconv.dll Vulnerability | 10-038 | 2010年12月15日 |
MS10-103 | CVE-2010-3955 | 1004545 - Array Indexing Memory Corruption Vulnerability | 10-038 | 2010年12月15日 |
MS10-104 | CVE-2010-3964 | 1004536 - Sharepoint Office Document Conversions Launcher Service Remote Code Execution Vulnerability | 10-038 | 2010年12月15日 |
MS10-105 | CVE-2010-3947 | 1004543 - TIFF Image Converter Buffer Overflow Vulnerability | 10-038 | 2010年12月15日 |
MS10-105 | CVE-2010-3949 | 1004543 - TIFF Image Converter Buffer Overflow Vulnerability | 10-038 | 2010年12月15日 |
MS10-105 | CVE-2010-3950 | 1004543 - TIFF Image Converter Buffer Overflow Vulnerability | 10-038 | 2010年12月15日 |