Posts tagged mcpt certification
Microsoft has released a very large set of updates to Windows, IE, Office. the .NET Framework and Microsoft server software.
16 updates address a total of 49 vulnerabilities, but only 5 of the vulnerabilities are rated Critical on any specific platform. Several of the vulnerabilities have already been publicly disclosed.
The four updates addressing a Critical vulnerability are as follows.
•MS10-071: Cumulative Security Update for Internet Explorer —10 vulnerabilities affecting all shipping versions of Internet Explorer are fixed in this update. The public beta of Internet Explorer 9 is not mentioned. Only two of the vulnerabilities are rated Critical on any configuration and one of those only on IE6 on Windows XP. The other Critical affects most versions of Windows critically and Microsoft’s exploitability index rates it as likely to result in consistent exploit code. The other 8 vulnerabilities tend to have important mitigating factors. Two of them have already been disclosed publicly, but Microsoft rates those as unlikely to result in functioning exploit code.
• MS10-075: Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution —The Microsoft Windows Media Player Network Sharing Service in Windows Vista and Windows 7 is vulnerable to a critical vulnerability which could be triggered across the network through a malicious packet. Interestingly, it is rated Critical on Windows 7 and only Important on Vista. The Media Player Network Sharing Service is not enabled by default in either version and—by default—access to home media devices is limited to the local subnet, so it shouldn’t be remotely exploitable from the Internet.
•MS10-076: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution —The Embedded OpenType Font Engine on all versions of Windows (other than Server Core) is vulnerable to a remote code execution bug using a maliciously-crafted font. Microsoft says that ASLR makes the exploit much more difficult, if still possible.
•MS10-077: Vulnerability in .NET Framework Could Allow Remote Code Execution—On 64-bit systems the .NET Framework is vulnerable to a remote code execution vulnerability. It can allow a specially crafted .NET application to access memory in an unsafe manner.
The 10 updates with a maximum rating of Important are as follows:
•MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure—Windows SharePoint Services, Microsoft SharePoint Foundation, Microsoft SharePoint Server Microsoft Groove Server, and Microsoft Office Web Apps are vulnerable to two HTML sanitization vulnerabilities. These could result in information disclosure or cross-site scripting, but Microsoft says that functioning exploit code is unlikely.
•MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege—All versions of Windows are affected by at least 2 of 3 vulnerabilities, all of which have been publicly exposed already and one of which is being exploited in the wild. All 3 require that the attacker have valid logon credentials and be able to log on locally, making this a difficult problem to exploit.
•MS10-078: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege—Two vulnerabilities in Windows XP and Server 2003 could allow code execution in kernel mode, but the attacker must have valid logon credentials and be able to log on locally.
•MS10-079: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution—11 vulnerabilities affect Microsoft Word. Only Word 2002 is affected by all and only one – CVE-2010-3214 – affects more than a couple versions. But this one is a doozy. A stack overflow when handling a malicious Word document could lead to remote code execution.
•MS10-080: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution—Not to be outdone by Word, Excel gets 13 vulnerabilities disclosed in this update, affecting many versions including the Mac versions and viewers, but not Excel 2010.
•MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution—Almost all versions of Windows are affected by a heap overflow in the Common Control Library. The attack is committed through a 3rd party SVG (scalable vector graphics) viewer which must be installed on the system.
•MS10-082: Vulnerability in Windows Media Player Could Allow Remote Code Execution—A specially-crafted web page could trigger a vulnerability in all versions of Windows Media Player.
•MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution —An error in how the Windows Shell and Wordpad validate COM object instantiation could lead to remote code execution.
•MS10-084: Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege—Windows XP and Server 2003 are vulnerable to an elevation of privilege vulnerability exists in the Remote Procedure Call Subsystem (RPCSS).
•MS10-085: Vulnerability in SChannel Could Allow Denial of Service —Windows Vista, Windows 7 and Windows Server 2008 are vulnerable to a denial of service vulnerability in the processing of IIS client certificates.
Two vulnerabilities have a maximum rating of Moderate:
•MS10-074: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution—MFC has an error in the processing of Window titles.
•MS10-086: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering—The Failover Cluster Manager user interface in Windows Server 2008 R2 has a tampering vulnerability in the handling of permissions on shared cluster disks.