June 2010 - Microsoft Releases 10 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its June batch of patches:
- (MS10-032) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Risk Rating: Important
This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
- (MS10-033) Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Risk Rating: Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content.
- (MS10-034) Cumulative Security Update of ActiveX Kill Bits (980195)
Risk Rating: Critical
This security update addresses two privately reported vulnerabilities for Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer.
- (MS10-035) Cumulative Security Update for Internet Explorer (982381)
Risk Rating: Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
- (MS10-036) Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Risk Rating: Important
This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office.
- (MS10-037) Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Risk Rating: Important
This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font.
- (MS10-038) Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Risk Rating: Important
This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
- (MS10-039) Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Risk Rating: Important
This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
- (MS10-040) Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Risk Rating: Important
This security update resolves a privately reported vulnerability in Internet Information Services (IIS). An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- (MS10-041) Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Risk Rating: Important
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected.
TREND MICRO PROTECTION INFORMATION