July Microsoft Patch Tuesday
Microsoft has announced 4 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering. Three patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Office. One patch is rated Important by Microsoft and affects Microsoft Outlook. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s July Security Bulletin. Summary information is included below:
- Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593) – This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message.
- Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) – This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization.
- Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) – This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls.
- Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) – This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook.
Gladiator recommends that users patch their systems immediately for all critical vulnerabilities. All other patches can be applied during your normal patch window.
Related Links:
- Microsoft Security Bulletin – (https://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx)
- SANS ISC Diary Entry (http://isc.sans.edu/diary.html?storyid=9166&rss)