Below is a brief summary of what has been announced for the July Microsoft patches. As more information comes available I will update this entry.
http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx
Two critical patches for Windows operating systems
Windows XP/SP2 (32 and 64bit) and also SP3 (32bit)
Windows 7 and 2008R2 (64bit)
One critical and one important patch for Office
Office XP/SP3, Office 2007SP1/SP2 (Access) and Office 2003SP3 (Access)
Outlook 2002SP3, Outlook 2003SP3, and Outlook 2007SP2 and SP3 (Important)
Update – July 13
It appears that the critical Windows XP patch is associated with the help and support center vulnerability
http://www.microsoft.com/technet/security/bulletin/ms10-042.mspx
Additional information available at http://isc.sans.edu/diary.html?storyid=9166
Update July 14 – DIR info
>>> William Perez <> 7/14/2010 7:34 AM >>>
***** Preliminary analysis ? Not for distribution beyond your organization *****
The following is MS-ISAC preliminary analysis of the four Microsoft security bulletins issued on 07/13/2010. This analysis is based only on the information Microsoft provided and therefore may be subject to change as more details emerge. As details are finalized we may issue advisories for those vulnerabilities that should be addressed as soon as possible.
(MS10-042) -Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Severity: Critical
Primary Attack Vector: Specially crafted URL
Publically Disclosed: Yes
Assumptions: None
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes Update advisory 2010-046
(MS10-043) -Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
Severity: Critical
Primary Attack Vector: Specially crafted image file
Publically Disclosed: Yes
Assumptions: Aero Theme must be enabled and attacker must defeat ASLR
Recommendations: Patch as soon as possible after appropriate testing
Advisory Candidate: No
(MS10-044) -Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
Severity: Critical
Primary Attack Vector: Specially crafted webpage or HTML email
Publically Disclosed: No
Assumptions: None
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes
(MS10-045) -Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Severity: Critical
Primary Attack Vector: Specially crafted email with an attachment
Publically Disclosed: No
Assumptions: None
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes
Leave a Reply
You must be logged in to post a comment.