Microsoft Security Bulletin November 2010 - gHacks Tech News

Microsoft Security Bulletin November 2010

Microsoft has released information and patches of this month's patch day. It is promising that there is no patch for Windows in this month's patch day. The three bulletins that have been released fix security issues in Microsoft Office and Microsoft forefront United Access Gateway. One of the MS Offices bulletins has a maximum severity rating of critical, the other two bulletins an important rating. Lets take a closer look at the bulletins.

  • MS10-087 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) - This security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS10-088 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) - This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS10-089 - Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) - This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

The security patches are as usually available via Windows Update, Microsoft Update and direct download. Office and Forefront users should patch the security vulnerabilities as soon as possible, everyone else can relax this month and wait for things to come. (via)

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Paul(us) said on November 10, 2010 at 12:37 pm
    Reply

    Thanks again Martin for this fairy handy overview from this months Microsoft patches.

  2. Danny said on November 10, 2010 at 1:50 pm
    Reply

    But let’s not forget the 0-day exploit in IE that wasn’t patched. I don’t use IE but it’s disconcerting to know that a known critical flaw is unpatched.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.