
Microsoft Patch Tuesday - August 2010

Created: 10 Aug 2010 20:00:40 GMT • Updated: 23 Jan 2014 18:25:42 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This month’s release is the largest bulletin count since the start of the Patch Tuesday program, and a tie for the largest number of vulnerabilities addressed—the vendor is releasing 14 bulletins covering a total of 34 vulnerabilities.

Fourteen of the issues are rated “Critical” and affect Windows, SMB Server, Internet Explorer, Word, and Silverlight. Of particular note, the SMB Server issue can be exploited remotely, without authentication, to completely compromise an affected computer. The remaining issues, rated “Important” and “Moderate,” affect SMB Server, Windows, Word, and Excel.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the August releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

The following is a breakdown of the “Critical” issues being addressed this month:

1. MS10-054 Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)

CVE-2010-2550 (BID 42224) Microsoft Windows SMB Pool Overflow Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 8.2/10)

A remote code-execution vulnerability affects the Microsoft Server Message Block (SMB) protocol when handling certain SMB packets. An attacker can exploit this issue by sending a malformed request to an SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with system-level privileges. This may facilitate a complete compromise of an affected computer.

2. MS10-053 Cumulative Security Update for Internet Explorer (2183461)

CVE-2010-2556 (BID 42257) Microsoft Internet Explorer Uninitialized Memory CVE-2010-2556 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2010-2557 (BID 42288) Microsoft Internet Explorer Uninitialized Memory CVE-2010-2557 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2010-2558 (BID 42289) Microsoft Internet Explorer Race Condition CVE-2010-2558 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that may have been corrupted due to a race condition. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2010-2559 (BID 42290) Microsoft Internet Explorer Uninitialized Memory CVE-2010-2559 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2010-2560 (BID 42292) Microsoft Internet Explorer HTML Layout Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

3. MS10-055 Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)

CVE-2010-2553 (BID 42256) Microsoft Windows Cinepak Codec Media Decompression Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects the Cinepak codec when handling a malformed media file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file with a vulnerable application. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

4. MS10-049 Vulnerabilities in SChannel could allow Remote Code Execution (980436)

CVE-2010-2566 (BID 42246) Microsoft Windows SChannel Certificate Request Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects SChannel because it improperly validates certificate request messages sent by a server. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious Web page. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

5. MS10-051 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)

CVE-2010-2561 (BID 42300) Microsoft XML Core Service Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects the Microsoft XML Core Services when handling malformed HTTP responses. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

6. MS10-052 Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)

CVE-2010-1882 (BID 42298) Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects the Microsoft DirectShow MP3 filter when handling malformed files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file, or viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

7. MS10-060 Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

CVE-2010-0019 (BID 42138) Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Microsoft Silverlight because of the way it handles pointers. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious Silverlight content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2010-1898 (BID 42295) Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.5/10)

A remote code-execution vulnerability affects Microsoft .NET Framework because of the way the .NET Common Language Runtime (CLR) handles delegates to virtual methods. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious Silverlight content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

8. MS10-056 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)

CVE-2010-1901 (BID 42132) Microsoft Word Record RTF Parsing Engine Remote Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Word when parsing rich text data. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious RTF file or email. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2010-1902 (BID 42133) Microsoft Word Record RTF Parsing Engine Remote Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code-execution vulnerability affects Word because it does not perform sufficient validation when handling rich text data. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious RTF file or email. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

===========================

More information on these and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.