Security 10809 Published by

Microsoft has updated the following two security bulletins:

- MS10-033 - Critical: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) - Version:1.3
- MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:2.2



MS10-033 - Critical: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) - Version:1.3
Severity Rating: Critical - Revision Note: V1.3 (June 23, 2010): Corrected the verification registry keys for Quartz.dll (DirectShow), Asycfilt.dll (COM component), and Windows Media Format Runtime 9.5 on Windows XP Professional x64 Edition Service Pack 2.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:2.2
Severity Rating: Important - Revision Note: V2.2 (June 23, 2010): Corrected installation switches for Movie Maker 6.0 on Windows Vista and removal information for Movie Maker 2.6 on Windows Vista and Windows 7.

Summary: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more