
Microsoft has updated the following security bulletins: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452), Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902), and Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037).



MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) - Version: 1.1
Severity Rating: Important - Revision Note: V1.1 (June 9, 2010): Removed known issues notation in the Executive Summary. No known issues for this security update currently exist.

Summary: This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-033 - Critical: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) - Version: 1.1
Severity Rating: Critical - Revision Note: V1.1 (June 9, 2010): Corrected bulletin replacement and notes for the Windows Media Format Runtime 9 update on Microsoft Windows 2000 Service Pack 4. These are informational changes only. There were no changes to the security update files or detection logic. Customers who have already successfully updated their systems do not need to take any action.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-011 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) - Version: 1.2
Severity Rating: Important - Revision Note: V1.2 (June 9, 2010): Added a link to Microsoft Knowledge Base Article 978037 under Known Issues in the Executive Summary.

Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.