The last month of 2010 broke Microsoft’s Patch Tuesday record for the total number of bulletins issued. As detailed in the Advance Notification a few days back, a total of 17 bulletins have been issued to fix 40 vulnerabilities in various Microsoft products such as Windows operating systems, Microsoft Office and Internet Explorer.

Of the 17 bulletins issued, two are rated “Critical”, one is rated “Moderate” and the rest are rated “Important”.

  • MS10-090 – Rated – Critical :- This patch fixes a total of seven vulnerabilities (three of which are available publicly). A specially crafted web page, when viewed by a user, can allow a remote code execution attack. This patch should be applied as soon as possible. Size :- 3.9MB – 48.4MB
  • MS10-091 – Rated – Critical :- This patch fixes a vulnerability in the OpenType Font (OTF) Driver which can allow remote code execution. A specially crafted font file is placed on a network shared folder. When a user opens the shared folder in Windows Explorer the file is loaded, and an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Size :- 247KB – 1.3MB
  • MS10-092 – Rated – Important :- This patch resolves a vulnerability in Windows Task Scheduler. A user with physical access to the system and login details can run a specially crafted application, resulting in an escalation of privileges attack. This exploit cannot be used remotely. Size :- 725KB – 1.7MB
  • MS10-093 – Rated – Important :- A vulnerability in Windows Movie Maker can allow a remote code execution attack if a user is fooled into opening a malformed library file. If you have not installed Movie Maker then you are safe from this exploit. Size :- 725KB – 1.7MB
  • MS10-094 – Rated – Important :- This patch fixes the same type of exploit as in Movie Maker; the only change is that this time Windows Media Encoder is affected. Size :- 1.4MB – 3.4MB
  • MS10-095 – Rated – Important :- This patch fixes the same type of problem reported in Movie Maker and Media Encoder, but this time the affected software is Windows Live Mail and Windows Live Writer. This patch is required if you have installed the above-mentioned applications. Size :- 158KB – 415KB
  • MS10-096 – Rated – Important :- The same type of publicly disclosed vulnerability in Windows Address Book. Size :- 307KB – 1.0MB
  • MS10-097 – Rated – Important :- This patch fixes a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. Only Windows XP and Windows Server 2003 are affected by this exploit. Size :- 521KB – 1.0KB
  • MS10-098 – Rated – Important :- The security update fixes at least one publicly disclosed vulnerability and several privately reported exploits in Windows kernel-mode drivers. The vulnerabilities could allow elevation of privileges if an attacker is logged into the system. This security hole cannot be exploited from a remote location. Size :- 1.1MB – 5.6MB
  • MS10-099 – Rated – Important :- With valid logon credentials and physical access to the system, an attacker can run a specially crafted application to exploit this vulnerability in the Routing and Remote Access module of Microsoft Windows XP and 2003. Size :- 512KB – 1.0MB
  • MS10-100 – Rated – Important :- This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. Size :- 79KB – 123KB
  • MS10-101 – Rated – Important :- This security update fixes a privately reported vulnerability in the Netlogon RPC Service in Windows Server (Domain Controller). An attacker with administrative privileges on a machine on the same network can perform a denial of service attack on domain controllers. Size :- 289KB – 1.6MB
  • MS10-102 – Rated – Important :- A user within a Hyper-V guest virtual machine can send a bad packet to the host machine, causing a denial of service on the host. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This is a very specific set of circumstances, and you don’t need to patch unless you are using Hyper-V. Size :- 468KB – 49.0MB
  • MS10-103 – Rated – Important :- This security update fixes five privately reported vulnerabilities in Microsoft Publisher which can be exploited by opening a specially crafted file. A remote code execution exploit is triggered when the same file is clicked. This affects you only if Publisher is installed on the system. Size :- 2.9MB – 11.9MB
  • MS10-104 – Rated – Important :- A specially crafted SOAP request to the Document Conversion Launcher Service in SharePoint can trigger remote code execution. This only works if the Document Conversions Load Balancer Service is on, and by default it isn’t. Install this patch if you use SharePoint. Size :- 1.5MB
  • MS10-105 – Rated – Important :-  This patch fixes seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Size :- 840KB – 2.1MB
  • MS10-106 – Rated – Moderate :- This patch fixes one privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Size :- 45.5MB – 49.7MB
