April 2010 - Microsoft Releases 11 Security Advisories
DESCRIPTION
- (MS10-019) Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- (MS10-020) Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.
- (MS10-021) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
This security update resolves a privately reported This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.
- (MS10-022) Vulnerability in VBScript Could Allow Remote Code Execution (981169)
This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution.
- (MS10-023) Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file.
- (MS10-024) Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service.
- (MS10-025) Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server.
- (MS10-026) Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream.
- (MS10-027) Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site.
- (MS10-028) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file.
- (MS10-029) Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
This security update resolves one privately reported vulnerability in Microsoft Windows. This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address.
TREND MICRO PROTECTION INFORMATION
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more