Security 10809 Published by

Microsoft has updated the following security bulletins: Vulnerability in Microsoft .NET Framework Could Allow Tampering, Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution, Cumulative Security Update for Internet Explorer, Vulnerabilities in Media Decompression Could Allow Remote Code Execution, and Vulnerability in Windows Movie Maker Could Allow Remote Code Execution



MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (June 16, 2010): Corrected the registry key verification for Microsoft .NET Framework 2.0 Service Pack 2.

Summary: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Read more

MS10-036 - Important: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (June 16, 2010): Corrected the update file name for Microsoft Office Word 2007 in the Security Update Deployment section. Also added an entry to the update FAQ to explain why the update may be offered even when none of the affected software is present on the system.

Summary: This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Read more

MS10-035 - Critical: Cumulative Security Update for Internet Explorer (982381) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (June 16, 2010): Corrected the Disable the IEDTExplorer Component workaround for CVE-2010-1261.

Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-033 - Critical: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) - Version:1.2
Severity Rating: Critical - Revision Note: V1.2 (June 16, 2010): Added known issues notation in the Executive Summary and corrected the Disable decoding of MJPEG content in Quartz.dll workaround for CVE-2010-1880.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:2.1
Severity Rating: Important - Revision Note: V2.1 (June 16, 2010): Corrected installation switches and removal information for Movie Maker 2.6 on Windows Vista and Windows 7.

Summary: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more