Microsoft is releasing three security bulletins, addressing 11 vulnerabilities. One of the bulletins has a Critical severity rating, while the other two are rated Important. Recapping the trio:
- MS10-087 This bulletin resolves five issues affecting all currently supported Microsoft Office products. The bulletin is rated Critical for Office 2007 and Office 2010 due to a preview pane vector in Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF (Rich Text Format) file. The update also addresses an Office vector for the vulnerability described in Security Advisory 2269637, which has been referred to as "DLL Preloading" and "Binary planting." MS10-087 is Microsoft's top priority bulletin for deployment in November and has an Exploitability Index rating of 1.
- MS10-088 This bulletin resolves two cooperatively disclosed vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. The overall severity rating is Important due to the user interaction required to open the malicious file and we give the bulletin a rating of 2 in our deployment priority assessment.
- MS10-089 This bulletin resolves four cooperatively disclosed vulnerabilities in Unified Access Gateway (UAG), which is a component of Microsoft Forefront. The most significant of these could allow elevation of privilege if a user clicks on a malicious link on a website. This update is offered through the Microsoft Download Center and is not available through Microsoft Update at this time. With an overall severity rating of Important and user interaction required to exploit, we also give this a deployment priority of 2.
Microsoft is not aware of any active attacks seeking to exploit the vulnerabilities addressed in this month's release.