Microsoft Security Bulletins August 2010

Posted by bink on August 11 2010, 1:29 PM.

Microsoft released 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and Microsoft considers four of those to be high-priority deployments:

  • MS10-052 This bulletin resolves a privately reported vulnerability in Microsoft's MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
  • MS10-055 This bulletin resolves a privately reported vulnerability in Cinepak Codec, which is used by Windows Media Player to support the .avi audiovisual format. The vulnerability could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
  • MS10-056 This bulletin resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.
  • MS10-060 This bulletin resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.

 

The six other bulletins offered this month are rated Important. Two of the Important-level bulletins, MS10-047 and MS10-048, are Windows Kernel updates.

As always, Microsoft recommends that customers test and deploy all security updates as soon as they can.

For a closer look at some of the issues involved in these bulletins, our Security Research & Defense (SRD) team writes about MS10-048, MS10-049, and MS10-054 today on its blog.