Today we released ten security bulletins. Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index Rating | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS10-035 (IE) | Victim browses to a malicious webpage. | Critical | 1 | Proof-of-concept has been presented publicly for the Information Disclosure issue. Likely to also see an exploit released for one or more of these memory corruption vulnerabilities. | IE users on later platforms are at reduced risk because Protected Mode mitigates the information disclosure issue. IE8 users on Windows Vista and Windows 7 are at reduced risk due to the presence of DEP and ASLR. Please see this SRD blog post for more information. |
| MS10-033 (quartz.dll) | Victim browses to a malicious webpage or opens a malicious AVI movie with Media Player. | Critical | 1 | Likely to see an exploit released able to exploit the vulnerability in MJPEG parsing. | |
| MS10-034 (killbits) | Victim browses to a malicious webpage. | Critical | n/a | May see an exploit released able to exploit one or both of the Microsoft ActiveX controls. | CVE-2010-0252: Victim must have Office XP's Data Analyzer (MSDA) package installed to be vulnerable. CVE-2010-0811: User interaction required. |
| MS10-032 (kernel drivers) | Attacker already running code with low privileges on a vulnerable machine runs a malicious EXE to elevate to a higher privilege level. | Important | 1 | Likely to see an exploit released able to elevate from a low-privileged user on the box to a higher privilege. | Please see this SRD blog post for more information about exploitability. |
| MS10-038 (Excel) | Victim opens a malicious XLS file that exploits a vulnerability to run arbitrary code. | Important | 1 | Exploit likely to be developed for one or more of these XLS parsing vulnerabilities in the next 30 days. | |
| MS10-036 (Office ActiveX) | Victim opens a malicious Office document that instantiates an ActiveX control, resulting in code execution. | Important | 1 | Likely to see malicious Office documents that exploit this within the next 30 days. | |
| MS10-039 (SharePoint) | Victim clicks an attacker-sent link to a SharePoint server on which they have administrative rights. The attacker-supplied link causes them to take an automatic action on the SharePoint server. | Important | 1 | Proof-of-concept already public for this issue. However, we have not heard of real-world attacks from either customers or partners. | |
| MS10-040 (IIS) | Attacker connects remotely over HTTP to an IIS server that has installed the (optional) Channel Binding Update and has enabled (off-by-default) Windows Authentication. | Important | 2 | Less likely to see exploits developed resulting in successful code execution in the next 30 days. | |
| MS10-037 (OpenType) | Local user running at low privileges on a vulnerable machine runs a malicious EXE to elevate to a higher privilege level. | Important | 2 | Less likely to see exploits developed resulting in successful code execution in the next 30 days. | |
| MS10-041 (.NET) | Custom .NET applications that rely on XML signature protection as tamper protection could be tampered with in an undetected manner. | Important | 3 | Unlikely to see an exploit developed in the next 30 days. | No Microsoft .NET applications are vulnerable to this issue. Usage of the specific API is thought to be low in the real world. Please see this SRD blog post for more information. |
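To turn the table into an actual deployment order, the following script (an added example, not part of the original post or any Microsoft tooling) encodes the ten bulletins as data and ranks them by severity, Exploitability Index and whether the environment actually exposes them. The environment tag names (such as `iis`, `windows_auth`, `ie8`) and the three tier thresholds are this example's own assumptions; treating the "n/a" index on the killbit bulletin as if it were 1 is a deliberately conservative choice, also assumed here.

```python
"""Rank the June 2010 bulletins for deployment in a given environment.

Added example (not from the original post). Bulletin facts come from the
table above; the environment tag vocabulary and the tier cut-offs are
assumptions made for this script.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


@dataclass(frozen=True)
class Bulletin:
    id: str
    component: str
    severity: str
    exploitability: Optional[int]          # Exploitability Index 1..3; None = n/a
    # Environment tags that must ALL be present for a host to be exposed.
    requires: FrozenSet[str] = frozenset()
    # Environment tags that, together, reduce (but do not remove) the risk.
    mitigated_by: FrozenSet[str] = frozenset()


# Data from the table; tag names are this example's own (assumed).
BULLETINS: List[Bulletin] = [
    # IE8 on Vista/7 is at reduced risk thanks to DEP and ASLR.
    Bulletin("MS10-035", "IE", "Critical", 1,
             mitigated_by=frozenset({"ie8", "vista_or_win7"})),
    Bulletin("MS10-033", "quartz.dll", "Critical", 1),
    Bulletin("MS10-034", "killbits", "Critical", None),
    Bulletin("MS10-032", "kernel drivers", "Important", 1),
    Bulletin("MS10-038", "Excel", "Important", 1),
    Bulletin("MS10-036", "Office ActiveX", "Important", 1),
    Bulletin("MS10-039", "SharePoint", "Important", 1),
    # Only IIS with the optional Channel Binding Update and Windows Auth is exposed.
    Bulletin("MS10-040", "IIS", "Important", 2,
             requires=frozenset({"iis", "channel_binding_update", "windows_auth"})),
    Bulletin("MS10-037", "OpenType", "Important", 2),
    # Only custom .NET apps using XML signatures for tamper protection are exposed.
    Bulletin("MS10-041", ".NET", "Important", 3,
             requires=frozenset({"custom_dotnet_xmlsig_apps"})),
]


def exploit_rank(b: Bulletin) -> int:
    """Numeric exploitability; an unrated (n/a) bulletin is treated as 1 so it
    is never deprioritised merely for lacking a rating (assumed policy)."""
    return 1 if b.exploitability is None else b.exploitability


def effective_rank(b: Bulletin, env: FrozenSet[str]) -> int:
    """Exploitability rank, pushed back one notch when the platform mitigations
    listed in the table are all present in this environment."""
    mitigated = bool(b.mitigated_by) and b.mitigated_by <= env
    return exploit_rank(b) + (1 if mitigated else 0)


def sort_key(b: Bulletin, env: FrozenSet[str]):
    exposed = b.requires <= env                    # all preconditions present?
    return (not exposed, SEVERITY_RANK[b.severity], effective_rank(b, env), b.id)


def deployment_order(env: FrozenSet[str], bulletins=BULLETINS) -> List[str]:
    """Bulletin IDs in the order they should be deployed for this environment;
    bulletins whose preconditions are absent sort last but are still listed."""
    return [b.id for b in sorted(bulletins, key=lambda b: sort_key(b, env))]


def triage(env: FrozenSet[str], bulletins=BULLETINS) -> Dict[str, str]:
    """Map each bulletin to a tier: 'now', 'next', 'scheduled' or 'not exposed'.
    Tier cut-offs are this example's assumption, not Microsoft guidance."""
    tiers: Dict[str, str] = {}
    for b in bulletins:
        if not b.requires <= env:
            tiers[b.id] = "not exposed"            # still deploy in the normal cycle
            continue
        r = effective_rank(b, env)
        if b.severity == "Critical" and r <= 1:
            tiers[b.id] = "now"
        elif r <= 2:
            tiers[b.id] = "next"
        else:
            tiers[b.id] = "scheduled"
    return tiers


if __name__ == "__main__":
    # Constructed sample environment: IE8 on Windows 7, no IIS, no custom .NET apps.
    workstation = frozenset({"ie8", "vista_or_win7"})
    for bid in deployment_order(workstation):
        print(f"{bid:9s} {triage(workstation)[bid]}")
```

Running it for the sample workstation puts the three Critical bulletins first, demotes MS10-035 from "now" to "next" because DEP and ASLR are present, and leaves MS10-040 and MS10-041 at the bottom as "not exposed" so they are not forgotten when the environment changes.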
– Jonathan Ness, MSRC Engineering