It is interesting to note that the severity rating of the first bulletin is critical on Windows XP and Vista, while only important on Windows 7 and Windows Server 2008 R2. When you look at all bulletins you will notice that Windows XP is affected by all, Vista by five and Windows 7 by four of the vulnerabilities addressed in the bulletins.

The Security Bulletins have just been posted on Microsoft’s Technet website. Here is this month’s summary with links to each security bulletin.

• MS12-004 – Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-001 – Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
• MS12-002 – Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-003 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) – This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. All supported editions of Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.

• MS12-005 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-006 – Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) – This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
• MS12-007 – Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) – This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.

The updates are already available on Windows Update. The easiest way to open the updating tool is to click on the start menu orb and select Windows Update from the program listing there.

Windows users who do not want to or can’t use Windows Updates can download the updates from Microsoft’s Download Center beginning later today. Microsoft as usual will release an ISO image with all security updates of the month for easier distribution.

Update: The severity and exploitability index and bulletin deployment information have been posted.

The next security updates will be released on February 14, 2012.

At least one of the vulnerabilities has received the maximum severity rating of critical, the highest possible rating, on all affected operating systems and .Net versions. Microsoft notes that the most severe vulnerability could allow elevation of privileges “if an unauthenticated attacker sends a specially crafted web request to” a target site. Attackers who successfully exploit the issue can “take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands”.

Security updates are already listed on Windows Update. Windows users who have only installed the Microsoft .Net Framework 4.0 Client Profile may only see important in Windows Update instead of critical ones. That is because ASP.Net, the component that is affected by the critical vulnerability, is not included in this version of the framework.

Most Windows users have configured automatic updates. Users who do not use automatic updates or Windows Update may download the patches from the Microsoft Update Catalog site instead. Please note that you can only open the site in Internet Explorer and not in other browsers.

Microsoft’s Download Center is currently not listing the security updates. It is however likely that they will appear on the site in the next days.

A restart of the computer is not required after applying the patches. The patches will merely stop related services during patches before they are restarted.

Additional information about the security vulnerability are available on the Microsoft Security Bulletin page. This bulletin raises the count to 100 bulletins that have been released by the Redmond company in 2011.

The updates are already available on Windows Update and via the Microsoft Download Center for users who prefer to download them separately. A DVD Iso image has also been released with December’s security updates.

Microsoft recommends to focus the attention on the MS11-092 – Windows Media and MS11-087 – Windows critical updates before installing the remaining patches. The bulletin deployment priority table, and severity and exploitability index provide further assistance.

Here is a list of all bulletins released in December 2011 by Microsoft.

• MS11-087 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
• MS11-090 – Cumulative Security Update of ActiveX Kill Bits (2618451) – This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
• MS11-092 – Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) – This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
• MS11-088 – Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) – This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
• MS11-089 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) – This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-091 – Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) – This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-093 – Vulnerability in OLE Could Allow Remote Code Execution (2624667) – This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS11-094 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) – This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-095 – Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
• MS11-096 – Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) – This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
• MS11-097 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-098 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS11-099 – Cumulative Security Update for Internet Explorer (2618444) – This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.

The next upcoming scheduled security update will be on the 10th of January 2012.

In this case, the critical rating applies to all operating systems that Microsoft supplies with security patches. This includes the client operating systems Windows XP, Vista and Windows 7 as well as the server operating systems Windows Server 2008 and 2008 R2.

Here are two graphs visualizing the severity and exploitability index and the bulletin deployment priority.

Here is the list of security bulletins released in November 2011 by Microsoft.

• MS11-083 – Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
• MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
• MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
• MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Microsoft has published a video in which Jerry Bryant discusses this month’s bulletins (Silverlight required).

Additional information about this month's security bulletins are available on the Technet Blog page and the Microsoft Security bulletin Summary for November 2011.

The updates are already available on Windows Update. Users who have started their computer earlier today may need to run a manual update check in Windows Update.

The updates will also be available shortly at Microsoft's Download center.

You find information about each security bulletin below. Please follow the links for information about affected operating systems and Microsoft applications. You find a summary of all security bulletins here.

Here are the Bulletin Deployment Priority and Severity and Exploitability Index screenshots for October 2011:

And a video in which Jerry Bryant discusses this month’s bulletins:

Windows users can update their operating system by installing the security patches via Windows Update or Microsoft's Download Center with Windows Update being the better option if the patches do not have to be installed on multiple computer systems.

Updates are already live and available via Windows Update. Additional information are available at Microsoft's Security Response Center.

Vulnerabilities affect Adobe Reader X and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier for Unix, and Adobe Acrobat 10.1 and earlier for Windows and Macintosh.

Adobe as usually recommends to update Adobe Reader to the new version released today. This is Adobe Reader 10.1.1 for Windows and Macintosh, and Adobe Raeder 9.4.5 for Unix, as well as Adobe Acrobat 10.1.1 for Windows and Macintosh.

The security bulletin offers vulnerability details and download links for all Adobe Reader and Acrobat updates.

Microsoft today has released five security bulletins that affect Microsoft Windows, Microsoft Server Software and Microsoft Office. The maximum severity of all five bulletins is Important, the second highest rating available.

Windows Update is already picking up the updates online. Windows users can check for updates in their operating system to download and install the patches right now.

You find summaries for all five bulletins below. Follow the link for detailed descriptions of each security bulletin.

• MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621) – This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) – This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.
• MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) – This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) – This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

You find deployment priority information and the severity index at the Technet blog.

All security issues have received the maximum severity rating of critical, with the exception of the one for RoboHelp which received one of important instead.

The Flash Player update fixes several critical vulnerabilities in all Adobe Flash Player versions for Windows, Macintosh, Linux, Solaris and Android. Versions that are affected by the vulnerability are Flash Player 1.0.3.181.36 and earlier on all supported systems (Android 10.3.185.25 and earlier).

A successful exploit of a vulnerability could cause a crash and the successful taking control of the system in the process.

Adobe recommends that all users update Adobe Flash Player as soon as possible to protect their operating system and data from exploits.

The latest version of Adobe Flash Player can be downloaded from Adobe’s Download Center or in the case of Android from the Android Marketplace.

Windows users can furthermore use the Flash Player Settings Manager that is part of the Windows Control Panel to check for updates. Here it is furthermore possible to check the Flash Player version that is installed on the system. The path is Control Panel > Flash Player (32-bit) > Advanced. Users with a 64-bit version of Flash Player installed need to change the 32-bit to 64-bit in the path.

Additional information about the Flash Player vulnerabilities are available on Adobe’s security bulletin page.

Google Chrome users, who do not have Flash installed separately, have received an update by now that has updated their internal version of Flash to the latest version.

Happy updating everyone.

All in all, the bulletins address 22 vulnerabilities in Microsoft products. The two critical updates address issues in Internet Explorer and DNS Server.

Microsoft has released deployment priorities and the severity and exploitability index. (click on the images for full size)

• MS11-057 – Cumulative Security Update for Internet Explorer (2559049) – This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) – This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.

The bulletins that fix important issues.

• MS11-059 – Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-060 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) – This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-061 – Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) – This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
• MS11-062 – Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) –
  This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability and take complete control over the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

• MS11-063 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) –
  This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-064 – Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.
• MS11-065 – Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222) – This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.
• MS11-066 – Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) – This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.
• MS11-067 – Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) – This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.

And finally the moderate bulletins.

• MS11-068 – Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.
• MS11-069 – Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) – This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

The updates are as usually available via Windows Update and Microsoft’s Download Center (even though I would not recommend using this at this time as it is a mess).

Two of the three remaining vulnerabilities address issues in the Windows operating system as well. Security bulletin MS11-054 describes a vulnerability in Windows Kernel-Mode drivers that could allow elevation of privileges, while bulletin MS11-056 a vulnerability in the Windows Client and Server run-time subsystem.

All supported Microsoft client and server operating systems are affected by the two security vulnerabilities. The last issue is a vulnerability in Microsoft Visio.

Here is an overview of all four security bulletins with links to their pages at the Microsoft Technet website.

• MS11-053 – Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
• MS11-054 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
• MS11-056 – Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
• MS11-055 – Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)

The patches are as usual already available via Windows Update, Microsoft Update and via the Microsoft Download Center. The monthly exploit mitigation guide at the Technet Security blog provides additional information about the vulnerabilities and deployment strategies.

Probably the easiest way to deploy the security updates to a single system is via Windows Update.

Just click on Start > All Programs > Windows Update to open the update screen. You may need to click on Check for updates on the left sidebar if your computer has been up for some time and the updates are not displayed directly in the main window.

Have you updated your system yet? Am I the only user who feels that Microsoft’s Download Center is not usable at all at the moment?

One of the vulnerabilities has a maximum severity rating of critical, the highest possible. The two remaining vulnerabilities are rated as important.

A critical vulnerability has been discovered in Windows Media that could be exploited for remote code execution. The vulnerability has been rated as critical for all Microsoft client operating systems, from Windows XP to Windows 7. Windows Server 2008 R2 is the only server product affected, the vulnerability received a rating of important here.

Below are links to each security bulletin. The Bulletins offer information about the affected products, severity rating and non-affected software.

Users can update their Windows operating system and Microsoft Office via Windows Update, the Microsoft Download Center or by downloading the March 2011 Security Release ISO image.

In other news, Microsoft is still working on a fix for the MHTML-related vulnerability that was discovered in January. Additional information are available at the Microsoft Security Response Center.

Windows users can check for the updates by opening Windows Update which is linked from the Windows start menu. There it is possible to check for new updates which needs to be done if the PC has been running for some time today.

The security bulletin summary for February 2011 offers in depth information about the updates and the affected applications.

All individual security bulletins are listed and linked below as well.

• MS11-003 – Cumulative Security Update for Internet Explorer (2482017) – This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-006 – Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) – This security update resolves a publicly disclosed vulnerability in the Windows Shell graphics processor. The vulnerability could allow remote code execution if a user views a specially crafted thumbnail image. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-007 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) – This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• MS11-004 – Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) – This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS.
• MS11-005 – Vulnerability in Active Directory Could Allow Denial of Service (2478953) – This security update resolves a publicly disclosed vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sent a specially crafted packet to an affected Active Directory server. The attacker must have valid local administrator privileges on the domain-joined computer in order to exploit this vulnerability.
• MS11-008 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) – This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-009 – Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) – This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• MS11-010 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) – This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and starts a specially crafted application that continues running after the attacker logs off in order to obtain the logon credentials of subsequent users. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS11-011 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS11-012 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) – This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS11-013 – Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) – This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
• MS11-014 – Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) – This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003.

  The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

The updates can also be downloaded directly and individually from the Microsoft Download Center. Check out our detailed Windows Update guide for additional information and tips.

A closer look at the security vulnerability reveals that is is rated critical for all 32-bit and 64-bit Windows client operating systems from Windows XP to Windows 7. The same vulnerability is rated as important for all server based operating systems.

The second vulnerability, MS11-001, has a maximum severity rating of important. It fixes a vulnerability in the Windows Backup Manager that could allow remote code execution. The vulnerability affects only the Windows Vista operating system.

• MS11-002 – Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910) – This security update resolves two privately reported vulnerabilities in Microsoft Data Access Components. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-001 – Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935) – This security update resolves a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.

Severity and Exploitability Index

Bulletin Deployment Priority

The images have been taken from the Technet announcement which offers further information about the vulnerabilities and patch deployment.

Windows users are advised to apply the patches as soon as possible to protect their system from possible exploits. The patches can be applied directly via Windows Update or directly from Microsoft Download.

When we look at the severity rating of those vulnerabilities we notice that two of the bulletins have a maximum severity rating of critical while the remaining ones a rating of important with the exception of one that has been rated as moderate.

Maximum severity rating means that at least one Microsoft product is affect this way by the vulnerability. The critical vulnerability MS10-090 affects Internet Explorer 6 to Internet Explorer 8 and is critical on all Microsoft operating systems. Vulnerability MS10-091 on the other hand is critical on Windows Vista and Windows 7 but not on Windows XP, something that we do not see very often thanks to improved security of the two operating systems.

The updates are already available via Windows Update and the Microsoft Download Center.

• MS10-090 – Cumulative Security Update for Internet Explorer (2416400) – This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-091 – Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199) – This security update resolves several privately reported vulnerabilities in the Windows Open Type Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS10-092 – Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) – This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-093 – Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) – This security update resolves a publicly disclosed vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-094 – Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) – This security update resolves a publicly disclosed vulnerability in Windows Media Encoder. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-095 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-096 – Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) – This security update resolves a publicly disclosed vulnerability in Windows Address Book. The vulnerability could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-097 – Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) – This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opens an .ins or .isp file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.

• MS10-098 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) – This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS10-099 – Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) – This security update addresses a privately reported vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-100 – Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) – This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-101 – Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) – This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability.
• MS10-102 – Vulnerability in Hyper-V Could Allow Denial of Service (2345316) – This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-103 – Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) – This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-104 – Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) – This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007.
• MS10-105 – Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) – This security update resolves seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-106 – Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) – This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Additional information are available at the security bulletin summary and the Microsoft Security Response Center.

• MS10-087 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) – This security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-088 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) – This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-089 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) – This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

The security patches are as usually available via Windows Update, Microsoft Update and direct download. Office and Forefront users should patch the security vulnerabilities as soon as possible, everyone else can relax this month and wait for things to come. (via)

A total of nine bulletins has been released by Microsoft of which four have received a maximum vulnerability impact rating of critical, the highest possible rating. As usual, not all operating systems and applications are affected with the same severity. Microsoft’s latest desktop operating system Windows 7 for instance is either not affected by the critical vulnerabilities, or with a lower severity of important.

windows updates

Below are the vulnerability summaries for all nine bulletins that have been released by Microsoft in September 2010:

• MS10-061 – Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) – This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system.
• MS10-062 – Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) – This security update resolves a privately reported vulnerability in MPEG-4 codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-063 – Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) – This security update resolves a privately reported vulnerability in the Unicode Scripts Processor. The vulnerability could allow remote code execution if a user viewed a specially crafted document or Web page with an application that supports embedded OpenType fonts. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-064 – Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) – This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened or previewed a specially crafted e-mail message using an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-065 – Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) – This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Information Services (IIS). The most severe of these vulnerabilities could allow remote code execution if a client sends a specially crafted HTTP request to the server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• MS10-066 – Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802) – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if an attacker sent a specially crafted RPC response to a client-initiated RPC request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker must convince the user to initiate an RPC connection to a malicious server under the attacker’s control. An attacker could not remotely exploit this vulnerability without user interaction.

• MS10-067 – Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922) – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opened a specially crafted file using WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS10-068 – Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if an authenticated attacker sent specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. In order to successfully exploit this vulnerability, an attacker must have a member account within the target Windows domain. However, the attacker does not need to have a workstation joined to the Windows domain.
• MS10-069 – Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546) – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logged on to an affected system that is configured with a Chinese, Japanese, or Korean system locale. An attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft’s Jerry Bryant has posted graphs for the deployment priority and severity exportability index in a blog post.

severity exportability index

deployment priority

Happy patching everyone.

The severity of the issue and the fact that the security vulnerability was already exploited actively made the out of band release a necessity.

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

windows security update

The patch is available via Windows Update, or via Microsoft Download. Windows users are encouraged to download and install the patch as soon as possible to protect their operating system from attacks exploiting the issue.

Additional information about the issue, deployment of the patch and vulnerability information are available at the Microsoft Security Bulletin.

The updates are already available via Windows Update but can also be downloaded from the Microsoft website in case they need to be deployed on computer systems without Internet connection.

windows update

The severity rating differs depending on the operating system and software version installed. Three security bulletins have a maximum security rating of critical, the most severe one, while the remaining seven are all rated as important.

Vulnerabilities affect various Windows operating systems from Windows 2000 to Windows 7, Microsoft Office, Internet Explorer, Microsoft Server and the Microsoft .net Framework.

• MS10-033 – Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-034 – Cumulative Security Update of ActiveX Kill Bits (980195) – This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2.

  The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.

• MS10-035 – Cumulative Security Update for Internet Explorer (982381) – This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-032 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) –
  This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
• MS10-036 – Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) – This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
• MS10-037 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218) – This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-038 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) – This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-039 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) – This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
• MS10-040 – Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) – This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• MS10-041 – Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) – This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.

It is advised to install the security patches immediately to protect the PC from exploits that are targeting unpatched computer systems. Additional information are provided by the Security Research & Defense team which offers additional information that are helpful for system administrators and advanced users.

Lastly there is the security bulletin overview which lists all relevant information.

The patch that Microsoft has released is however a cumulative update with patches that will fix Internet Explorer 8 security vulnerabilities as well.

The information posted by Microsoft reads:

MS10-018 resolves Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory

MS10-018 is a cumulative update with the patch for Security Advisory 981374 being one of the patches included in the release. This basically means that Internet Explorer 8 is unaffected by that one vulnerability but affected by others that are included in the cumulative update as well. This is confirmed by the affected and unaffected software listing on the security bulletin page which lists the severity as critical for Internet Explorer 8 as well.

Windows users should install the update as soon as possible to protect their computer system from possible exploits. The update is also available at the Microsoft Download site.

Critical ratings for Windows XP or Windows Server 2003 are usually important or moderate ratings for Windows Vista or Windows Server 2008 thanks to the increased security in those operating systems. Downloads are already available from various official sources including Automatic Updates, Windows Update or Microsoft Update.

• MS09-028 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-029 – Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-030 – Cumulative Security Update of ActiveX Kill Bits (973346) – This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-031 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) – This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS09-032 -Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) – This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
• MS09-033 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It is recommended to install the Microsoft Security Patches as soon as possible to close the security vulnerabilities.

This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update is available on Windows Update and Microsoft Update. Additional information and links can be found at the Security Bulletin that has been created for the security vulnerability. Users of affected software programs are encouraged to perform the security update as soon as possible.