Critical Patches in Microsoft Bug Updates

July 19th, 2010

Microsoft has released 4 security updates for 5 known vulnerabilities in Windows and Office. The systems and programs affected by the Microsoft Bug Updates are Windows XP, Windows 7, Windows Server 2003, Windows Server 2008, Microsoft Office 2003 and Outlook 2002 to 2007.

Microsoft rated three of the Microsoft Bug Updates as critical and the fourth as important. All of the updates resolve remote code execution issues, one of which had been known about for over a month.

Microsoft stated in its Security Bulletin:

MS10-042 – Vulnerability in Help and Support Center – This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
Exploitability Index Assessment: 1 – Consistent exploit code likely – This vulnerability is currently being exploited in the Internet ecosystem

MS10-043 – Vulnerability in Canonical Display Driver Could Allow Remote Code Execution – Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Exploitability Index Assessment: 2 – Inconsistent exploit code likely

MS10-044 – Vulnerabilities in Microsoft Office Access ActiveX Controls – The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitability Index Assessment: 1 – Consistent exploit code likely

MS10-045 – Vulnerability in Microsoft Office Outlook – This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitability Index Assessment: 1 – Consistent exploit code likely

The entire security bulletin about the Microsoft Bug Updates can be viewed here.
