Security Response

Microsoft Patch Tuesday - July 2010

Created: 13 Jul 2010 18:06:47 GMT • Updated: 23 Jan 2014 18:26:34 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing four bulletins covering a total of five vulnerabilities.

Four of the issues are rated “Critical” and affect Help and Support Center, Access, and the Canonical Display Driver. The Help and Support Center issue was originally made public on June 10 of this year, and has been exploited in the wild. The remaining issue, rated “Important,” affects Outlook and can be exploited to bypass Outlook’s detection of unsafe file types when dealing with attachments. All of the issues are client-side, and exploiting them requires an attacker to trick a victim into performing some action.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the July releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx

The following is a breakdown of issues being addressed this month:

1. MS10-042 Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)

CVE-2010-1885 (BID 40725) Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability (MS Rating: Critical / Symantec Rating: 8.5/10)

A previously public (June 10, 2010) remote code execution vulnerability affects the Microsoft Help and Support Center due to how it handles the HCP protocol in specially crafted URIs. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing specially crafted content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Windows XP SP2, XP SP3, XP Professional x64 Edition SP2, Server 2003 SP2, Server 2003 x64 Edition SP2, and Server 2003 SP2 for Itanium-based Systems

2. MS10-044 Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

CVE-2010-0814 (BID 41442) Microsoft Access ActiveX Control Multiple Instantiation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code execution vulnerability affects Access ActiveX controls when loading a succession of controls into Internet Explorer. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Access 2003 SP3, 2007 SP1, and 2007 SP2

CVE-2010-1881 (BID 41444) Microsoft Access 'AccWizObjects' ActiveX Control Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

A remote code execution vulnerability affects the ‘ACCWIZ.dll’ ActiveX control due to a memory corruption error when instantiating the control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Access 2003 SP3

3. MS10-043 Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)

CVE-2009-3678 (BID 40237) Microsoft Windows Canonical Display Driver Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8/10)

A previously public (May 18, 2010) remote code execution vulnerability affects the Canonical Display Driver (‘cdd.dll’) because it fails to properly parse information passed between user-mode and kernel-mode. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted image file. A successful exploit will result in the complete compromise of an affected computer.

Affects: Windows 7 and Windows 2008 R2 for x64-based systems.

4. MS10-045 Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

CVE-2010-0266 (BID 41446) Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 8.5/10)

A remote code execution vulnerability affects Outlook because it fails to properly verify attachments that are attached using the ‘ATTACH_BY_REFERENCE’ value of the ‘PR_ATTACH_METHOD’ property. An attacker can exploit this issue to run an arbitrary executable in the context of the currently logged-in user when the attachment is opened.

Affects: Office Outlook 2002 SP3, 2003 SP3, 2007 SP1, and 2007 SP2
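
A defensive triage example for the attachment property named above, added here as an illustration and not code from Symantec or Microsoft: it flags attachments whose PR_ATTACH_METHOD is a by-reference value and whose path points at a remote host. The input format (property maps keyed by MAPI property ID, as a .msg/MAPI parser might produce them), the extension list, the severity labels and the sample values are assumptions, and treating ATTACH_BY_REF_RESOLVE and ATTACH_BY_REF_ONLY like ATTACH_BY_REFERENCE goes beyond the single value the bulletin names.

```python
import ntpath
import re

# Property IDs and PR_ATTACH_METHOD values as defined in the MAPI headers.
PR_ATTACH_METHOD = 0x3705
PR_ATTACH_PATHNAME = 0x3708
PR_ATTACH_LONG_PATHNAME = 0x370D
METHOD_NAMES = {2: "ATTACH_BY_REFERENCE", 3: "ATTACH_BY_REF_RESOLVE", 4: "ATTACH_BY_REF_ONLY"}

# Assumption: short illustrative list, not Outlook's own unsafe-type list.
RISKY_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js", ".hta", ".msi"}

# Remote location: UNC path (\\host\share\...) or file://host/... URI.
REMOTE_RE = re.compile(
    r"^(?:\\\\|//)(?P<unc>[^\\/]+)[\\/]|^file:/{2}(?P<uri>[^\\/]+)[\\/]", re.I)


def triage_attachment(props):
    """Return a finding for a by-reference attachment, or None for any other method."""
    method = props.get(PR_ATTACH_METHOD, 0)
    if method not in METHOD_NAMES:
        return None
    path = (props.get(PR_ATTACH_LONG_PATHNAME) or props.get(PR_ATTACH_PATHNAME) or "").strip()
    m = REMOTE_RE.match(path)
    host = (m.group("unc") or m.group("uri")) if m else None
    # Windows ignores trailing dots and spaces, so "x.exe. " still resolves to x.exe.
    ext = ntpath.splitext(path.rstrip(" .").replace("/", "\\"))[1].lower()
    severity = "high" if host and ext in RISKY_EXT else "medium" if host else "low"
    return {"method": METHOD_NAMES[method], "path": path, "host": host,
            "ext": ext, "severity": severity}


def triage_message(attachments):
    """Triage every attachment of one message; return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for f in map(triage_attachment, attachments) if f]
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed sample: property maps as a MAPI/.msg parser might hand them over.
SAMPLE = [
    {PR_ATTACH_METHOD: 1},  # ATTACH_BY_VALUE: content travels inside the message
    {PR_ATTACH_METHOD: 4, PR_ATTACH_PATHNAME: "file://203.0.113.5/docs/notes.txt"},
    {PR_ATTACH_METHOD: 2, PR_ATTACH_LONG_PATHNAME: r"\\files.example\share\report.exe. "},
    {PR_ATTACH_METHOD: 2, PR_ATTACH_LONG_PATHNAME: r"C:\Temp\local.doc"},
]

if __name__ == "__main__":
    print(*triage_message(SAMPLE), sep="\n")
```
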

------------------------------------------------------------

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.