June 2010 - Microsoft Releases 10 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its June batch of patches:
- (MS10-032) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Risk Rating: ImportantThis security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
- (MS10-033) Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Risk Rating: CriticalThis security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content.
- (MS10-034) Cumulative Security Update of ActiveX Kill Bits (980195)
Risk Rating: CriticalThis security update addresses two privately reported vulnerabilities for Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer.
- (MS10-035) Cumulative Security Update for Internet Explorer (982381)
Risk Rating: CriticalThis security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
- (MS10-036) Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Risk Rating: ImportantThis security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office.
- (MS10-037) Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Risk Rating: ImportantThis security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font.
- (MS10-038) Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Risk Rating: ImportantThis security update resolves fourteen privately reported vulnerabilities in Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
- (MS10-039) Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Risk Rating: ImportantThis security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
- (MS10-040) Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Risk Rating: ImportantThis security update resolves a privately reported vulnerability in Internet Information Services (IIS). An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- (MS10-041) Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Risk Rating: ImportantThis security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected.