Security 10809 Published by

Technet has published the following security bulletin updates:

- MS10-045 - Important: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) - Version:1.1
- MS10-044 - Critical: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) - Version:1.1
- MS10-043 - Critical: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) - Version:1.1



MS10-045 - Important: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (July 14, 2010): Added a link to Microsoft Knowledge Base Article 978212 under Known Issues in the Executive Summary.

Summary: This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-044 - Critical: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (July 14, 2010): Added a link to Microsoft Knowledge Base Article 982335 under Known Issues in the Executive Summary.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-043 - Critical: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (July 14, 2010): Added an entry to the update FAQ to provide guidance for Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta releases. Also removed erroneous references to Windows Embedded Standard 7.

Summary: This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Read more