Security Bulletin Release for November, 2010 ~ Security Garden

Tuesday, November 09, 2010

Security Bulletin Release for November, 2010

Microsoft released three (3) bulletins addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One of the bulletins is rated Critical with the other two as Important.

Following is the description from the MSRC Blog:

MS10-087 This bulletin resolves five issues affecting all currently supported Microsoft Office products. The bulletin is rated Critical for Office 2007 and Office 2010 due to a preview pane vector in Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF (Rich Text Format) file. The update also addresses an Office vector for the vulnerability described in Security Advisory 2269637, which has been referred to as "DLL Preloading" and "Binary planting." MS10-087 is Microsoft's top priority bulletin for deployment in November and has an Exploitability Index rating of 1.

MS10-088 This bulletin resolves two cooperatively disclosed vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. The overall severity rating is Important due to the user interaction required to open the malicious file and we give the bulletin a rating of 2 in our deployment priority assessment.

MS10-089 This bulletin resolves four cooperatively disclosed vulnerabilities in Unified Access Gateway (UAG), which is a component of Microsoft Forefront. The most significant of these could allow elevation of privilege if a user clicks on a malicious link on a website. This update is offered through the Microsoft Download Center and is not available through Microsoft Update at this time. With an overall severity rating of Important and user interaction required to exploit, we also give this a deployment priority of 2.

Microsoft is not aware of any active attacks seeking to exploit the vulnerabilities addressed in this month's release.

For complete details, see the references listed below.

References:

MSRC: November 2010 Security Bulletin Release
TechNet: Microsoft Security Bulletin Summary for November 2010
Security Research and Defense: DEP, EMET protect against attacks on the latest Internet Explorer vulnerability

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Tuesday, November 09, 2010