Time for the June 2010 summary of the upcoming Microsoft Security Updates….

Blog Post created by rapid7-admin on Jun 9, 2010

Originally Posted by Suzanne Dickson



As summer comes upon us in the Northern hemisphere, June is again one of the heavier months for Microsoft. For 2009, it was 10 Advisories, covering 31 Vulnerabilities. For June 2010, Microsoft has announced 10 Advisories, with 34 Vulnerabilities covered. 

For Windows, 2 Critical and 4 Important are listed. For Office, 2 rated as Important. Another Important Advisory affects both Windows and Office. And the last Advisory is Critical and affects Internet Explorer. 

6 Advisories may lead to Remote Code Execution, 3 may lead to Privilege Escalation and one may lead to Tampering. 2 require a restart and the other 8 may require a restart. 

Josh Abraham, one of our Security Researchers here at Rapid7 commented: "There was a huge amount of vulnerabilities listed for Office today! One of the bulletins had 16 vulnerabilities. It is important to keep in-mind the perspective of the attacker when prioritizing the remediation efforts. The exploitability of the vulnerabilities is very high so customers should watch out for exploits in the near future." 

"Another month with KillBits and Media vulnerabilities! Both of these should be at the top of the list for remediation. The interesting thing about the Kill bits issue is that it was not included in the exploitability rankings, but it affects IE8 developer tools, Microsoft Data Analyzer and a few Third-Parties." 

Josh also slipped MS10-035 a bit farther down his patch list. "I think people should be patching the media decompression vulnerability first," he said, referring to MS10-033. "I'd put the IE update directly following that." 

MS10-033 contains fixes for two vulnerabilities, both critical, that affect every supported operating system in Microsoft's portfolio, including the newest, Windows 7. Microsoft said that DirectX, the Windows media runtime, the encoder and a COM component all contain bugs. "This is more of the usual," said Abraham, talking about MS10-033, "where attackers can leverage client software using drive-by downloads." 

Here’s a breakdown: 

MS10-033: Rated Critical. Potential Remote Code Execution in Windows covering 2 vulnerabilities - CVE-2010-1879 (Media Decompression Vulnerability) and CVE-2010-1880 (MJPEG Media Decompression Vulnerability). 

MS10-034: Rated Critical. Potential Remote Code Execution in Windows (ActiveX Kill Bits vulnerability) 

MS10-035: Rated Critical. Potential Remote Code Execution in Windows and IE covering 4 vulnerabilities - CVE-2010-1259 (Uninitialized Memory Corruption Vulnerability), CVE-2010-1262 (Memory Corruption Vulnerability), CVE-2010-0255 (Cross-Domain Information Disclosure Vulnerability) and CVE-2010-1257 (toStaticHTML Information Disclosure Vulnerability) 

MS10-032: Rated Important. Potential Elevation of Privilege in Windows covering 3 vulnerabilities - CVE-2010-0485 (Win32k Window Creation Vulnerability) and CVE-2010-0484 (Win32k Improper Data Validation Vulnerability) and CVE-2010-1255 (Win32k TrueType Font Parsing Vulnerability). 

MS10-036: Rated Important. Potential Remote Code Execution in Office covering 1 vulnerability - CVE-2010-1263 (COM Validation Vulnerability). 

MS10-037: Rated Important. Potential Elevation of Privilege in Windows covering 1 vulnerability - CVE-2010-0819 (OpenType CFF Font Driver Memory Corruption Vulnerability). 

MS10-038: Rated Important. Potential Remote Code Execution in Office covering 14 vulnerabilities - CVE-2010-0822 (Excel Object Stack Overflow Vulnerability), CVE-2010-0824 (Excel Record Memory Corruption Vulnerability), CVE-2010-1245 (Excel Record Memory Corruption Vulnerability), CVE-2010-1246 (Excel RTD Memory Corruption Vulnerability), CVE-2010-1247 (Excel Memory Corruption Vulnerability), CVE-2010-1248 (Excel HFPicture Memory Corruption Vulnerability), CVE-2010-1249 (Excel Memory Corruption Vulnerability), CVE-2010-1250 (Excel EDG Memory Corruption Vulnerability), CVE-2010-1253 (Excel ADO Object Vulnerability), CVE-2010-1254 (Mac Office Open XML Permissions Vulnerability), CVE-2010-0821 (Excel Record Parsing Memory Corruption Vulnerability), CVE-2010-0823 (Excel Memory Corruption Vulnerability), CVE-2010-1251 (Excel Record Stack Corruption Vulnerability) and CVE-2010-1252 (Excel String Variable Vulnerability). 

MS10-039: Rated Important. Potential Elevation of Privilege in Office and Server Software covering 3 vulnerabilities - CVE-2010-0817 (Help.aspx XSS Vulnerability), CVE-2010-1257 (toStaticHTML Information Disclosure Vulnerability) and CVE-2010-1264 (SharePoint Help Page Denial of Service Vulnerability). 

MS10-040: Rated Important. Potential Remote Code Execution in Windows covering 1 vulnerability - CVE-2010-1256 (IIS Authentication Memory Corruption Vulnerability).  

MS10-041: Rated Important. Potential for Tampering in Windows and .NET Framework covering 1 vulnerability - CVE-2010-0217 (XML Signature HMAC Truncation Authentication Bypass Vulnerability).  If you have automatic updates turned on then you will get these updates on Tuesday when they are released.  Otherwise make sure you run Windows Update to get them sometime Tuesday afternoon. 

As always, Happy Patching!