Today Microsoft released 17 security bulletins which address
40 vulnerabilities affecting Microsoft Office, Windows, Internet Explorer,
SharePoint Server and Exchange.
This brings the total count for 2010 to 106 bulletins. Of note, only two of the
bulletins are rated Critical, 14 are rated Important and one is Moderate.
In addition to the bulletins released today, Microsoft is announcing plans to
extend the Office File Validation feature, currently available in Office 2010,
to Office 2007 and 2003. This will help protect those using older versions of
Microsoft Office from file parsing vulnerabilities.
In particular, Microsoft recommends that systems administrators prioritize the
following Critical bulletins:
· MS10-090 addressing vulnerabilities in Internet Explorer.
· MS10-091 addressing vulnerabilities in Windows.
Qualys CTO Wolfgang Kandek points out the following interesting vulnerabilities:
· MS10-092 is the last fix for the Stuxnet family of vulnerabilities; others
were MS10-046, MS10-061 and MS10-073. MS10-092 addresses a flaw in the Task
Scheduler that can be used by a local user to gain system privileges and
applies only to Windows Vista, Windows 7 and Windows 2008.
· MS10-102 is an attack on Microsoft Hyper-V, and while it is "only" a denial of
service attack, it illustrates a coming class of vulnerabilities where a user
on a guest operating system can shut down the host operating system on a virtual
machine and multiply the impact on the attacked infrastructure.
Source: Net Security