Tuesday, August 10, 2010
Today we releasedfourteen security bulletins. Eight have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. Furthermore, six of the fourteen bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Tuesday, August 10, 2010
Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: MS10-052 This bulletin resolves a privately reported vulnerability in Microsoft’s MPEG Layer-3 audio codecs.
Tuesday, August 10, 2010
Today we released several fixes on MS10-048 affecting the win32k.sys kernel component. The most severe vulnerability allows a local user to perform an authenticated elevation of privileges, with no possible remote vector. This update also includes several “Defense in Depth” measures that correct potential integer overflows in unrealistic scenarios. In this blog post we are going to walk you through these vulnerabilities to help explain the technical reasoning behind the DiD rating.
Tuesday, August 10, 2010
In MS10-049, we are also addressing a second vulnerability, CVE-2010-2566. This is a vulnerability in schannel.dll which can potentially lead to Remote Code Execution. The vulnerability is present only in Windows XP and Windows Server 2003, and does not affect Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Tuesday, August 10, 2010
This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols assume that data received after a TLS renegotiation is sent by the same client as before the renegotiation. Renegotiation is TLS functionality that allows either peer to change the parameters of the secure session.
Tuesday, August 10, 2010
This month Microsoft released an update for Windows to address three vulnerabilities in the SMB Server component. Two of the vulnerabilities are remote denial-of-service (DoS) attacks, while one (CVE-2010-2550) has the potential for remote code execution (RCE). This blog post provides more details on the exploitability of CVE-2010-2550, and outlines why the risk of reliable RCE is low.
Tuesday, August 10, 2010
Hi everyone, Yesterday we tweeted to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time. Today we have more information, as well as a planned course of action.
Thursday, August 05, 2010
Hello; I’m Angela Gunn and I’m new to the Response Communications team. Today we’re releasing our advance notification for the August security bulletin release, which is scheduled for Tuesday, August 10. This month’s release is composed of 14 bulletins addressing 34 vulnerabilities in Windows, Microsoft Office, Internet Explorer, SQLMSXML, and Silverlight.
Tuesday, August 03, 2010
Hello - During today’s webcast our team of technical experts answered over fifty questions regarding the August 2010 Out-of-Band Security Release update questions. Click hereto review the entire list of questions and answers from today’s Out-of-Band webcast Q&A page. Also, here is the link to the Q&A index page for your review - in case you wanted to view any of the past 12 webcast Q&A’s.
Monday, August 02, 2010
Hello, As we announced on Friday, today we released Security Bulletin MS10-046 out-of-band to address a vulnerability in Windows. This security update addresses a vulnerability in the handling of shortcuts that affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. As our colleagues over in the MMPC have noted, several families of malware have been attempting to attack this vulnerability.
