Security 10809 Published by

Microsoft has released/updated the following 3 security advisories:

- MS10-090 - Critical: Cumulative Security Update for Internet Explorer (2416400) - Version:1.1
- Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution



MS10-090 - Critical: Cumulative Security Update for Internet Explorer (2416400) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (January 4, 2011): Added an update FAQ to announce a detection change that helps to ensure that previously released cumulative Internet Explorer updates are correctly offered in the order that they were released. This is a detection change only. There were no changes to the security update files.

Summary: This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Revision Note: V1.0 (January 4, 2011): Advisory published.Summary: Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Revision Note: V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks.Summary: Microsoft is investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue.
Read more