June 2010 - Microsoft Releases 10 Security Advisories

Microsoft addresses the following vulnerabilities in its June batch of patches:

• (MS10-032) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
  
  Risk Rating: Important

  This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.

• (MS10-033) Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
  
  Risk Rating: Critical

  This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content.

• (MS10-034) Cumulative Security Update of ActiveX Kill Bits (980195)
  
  Risk Rating: Critical

  This security update addresses two privately reported vulnerabilities for Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer.

• (MS10-035) Cumulative Security Update for Internet Explorer (982381)
  
  Risk Rating: Critical

  This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

• (MS10-036) Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
  
  Risk Rating: Important

  This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office.

• (MS10-037) Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
  
  Risk Rating: Important

  This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font.

• (MS10-038) Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
  
  Risk Rating: Important

  This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.

• (MS10-039) Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
  
  Risk Rating: Important

  This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.

• (MS10-040) Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
  
  Risk Rating: Important

  This security update resolves a privately reported vulnerability in Internet Information Services (IIS). An attacker who successfully exploited this vulnerability could take complete control of an affected system.

• (MS10-041) Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
  
  Risk Rating: Important

  This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected.