Viruslab » Security news » Patch Tuesday: 14 bulletins

Patch Tuesday: 14 bulletins

2010/08/11

In line with its advance notification, Microsoft issued 14 security updates, fixing a total of 34 flaws.

Of the 14 patches, 8 were rated "critical" and 6 were pegged as "important". Twelve affected Windows, and two Office. Microsoft .NET Framework and Silverlight also got a patch.

The bulletins issued on August 10 in the framework of Microsoft's monthly security update cycle are listed below. Severity ratings and affected software are indicated in brackets.

> MS10-049 (Critical) (Windows) - Vulnerabilities in SChannel could allow remote code execution
> MS10-051 (Critical) (Windows) - Vulnerability in Microsoft XML Core Services could allow remote code execution
> MS10-052 (Critical) (Windows) - Vulnerability in Microsoft MPEG Layer-3 Codecs could allow remote code execution
> MS10-053 (Critical) (Windows, Internet Explorer) - Cumulative security update for Internet Explorer
> MS10-054 (Critical) (Windows) - Vulnerabilities in SMB Server could allow remote code execution
> MS10-055 (Critical) (Windows) - Vulnerability in Cinepak Codec could allow remote code execution
> MS10-056 (Critical) (Office) - Vulnerabilities in Word could allow remote code execution
> MS10-060 (Critical) (Windows, Microsoft .NET Framework, Silverlight) - Vulnerabilities in the Microsoft .NET Common Language Runtime and in Silverlight could allow remote code execution
> MS10-047 (Important) (Windows) - Vulnerabilities in Windows Kernel could allow elevation of privilege
> MS10-048 (Important) (Windows) - Vulnerabilities in Windows Kernel-Mode Drivers could allow elevation of privilege
> MS10-050 (Important) (Windows) - Vulnerability in Windows Movie Maker could allow remote code execution
> MS10-057 (Important) (Office) - Vulnerability in Excel could allow remote code execution
> MS10-058 (Important) (Windows) - Vulnerabilities in TCP/IP could allow elevation of privilege
> MS10-059 (Important) (Windows) - Vulnerabilities in the Tracing Feature for Services could allow an elevation of privilege

Currently none of the vulnerabilities addressed has been observed under exploit in the wild. Microsoft considers four of the above to be high-priority deployments: MS10-052, MS10-055, MS10-056 and MS10-060.

As each month, the software giant has released an updated version of the Microsoft Windows Malicious Software Removal Tool.

Source: Microsoft.