Microsoft has released nine security bulletins, four of which include a maximum rating of critical, addressing a total of 13 vulnerabilities.
Several of these are serious, but there are important mitigating factors on them, and users of the most recent products (especially Windows 7 and Office 2010) are least affected.
Among the four critical bugs is vulnerability in a print spooler service that could allow remote code execution. Microsoft said that this vulnerability is already being exploited in the wild, but there are some important mitigating factors. If a system has the print spooler shared over an RPC interface—not the default configuration—then a remote attacker can execute remote code with a malicious print request. The attacker has to be able to access the share, which means the attacker almost certainly has to be on the local network. The flaw is rated critical for Windows XP and important for all other Windows versions.
Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com
The second vulnerability affects the MPEG-4 codec. Most Windows versions are affected by this vulnerability, which allows an attacker to take control of a system and either open a malicious MPEG-4 media file or receive a stream with the malicious content. Windows 7, Windows Server 2008 R2, and Itanium systems (both of them) are not affected. Microsoft also said that actual code execution would be unlikely on Windows Vista due to additional heap mitigations in that system.
Microsoft also pointed to a unicode scripts vulnerability. This is an unusual vulnerability in that it affects Office and Windows. All Windows versions other than Windows 7 and Windows Server 2008 R2 are affected. Office versions XP, 2003, and 2007 on Windows are affected, but not Office 2010 or Mac versions. The vulnerability comes by way of a malicious font on a Web page or document that supports embedded OpenType fonts. Microsoft rates consistent exploit code of the vulnerability as unlikely.
A final issue affects Microsoft Outlook. Outlook versions 2002, 2003, and 2007 (not 2010) are vulnerable to compromise by a malicious e-mail message when connected to an Exchange Server in Online mode. Outlook 2002 connects in Online mode by default and is therefore rated Critical on this bug, but 2003 and 2007 connect by default in Cached Exchange mode and are not vulnerable in that configuration. Furthermore, Microsoft said that consistent exploit code of the vulnerability is unlikely.
There are also five vulnerabilities rated “important”:
* MS10-065: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution—All versions of Windows are affected by at least one of three separate vulnerabilities in IIS (Internet Information Services). The only one that is capable of remote code execution is a request header buffer overflow on servers with FastCGI turned on; this error affects only Windows 7 and Windows Server 2008 R2. Most systems are only subject to denial of service. In any event, Microsoft said that functioning exploit code for this vulnerability is unlikely.
* MS10-066: Vulnerability in Remote Procedure Call Could Allow Remote Code Execution—A user who connects by RPC to a malicious server could be compromised and remote code executed on his system. Only Windows XP and 2003 are affected.
* MS10-067: Vulnerability in WordPad Text Converters Could Allow Remote Code Execution—Wordpad on Windows XP and Windows Server 2003 is vulnerable to remote code execution if the user opens a malicious document file.
* MS10-068: Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege—The LSASS service in almost all versions of Windows is vulnerable to compromise through malicious LDAP messages.
* MS10-069: Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege—Windows XP and Windows Server 2003 are vulnerable to compromise through memory assignment errors in the CSRSS.
There are also the usual updates to the Malicious Software Removal Tool and Windows Mail Junk Filter. Another update (KB2398632) is a regression fix, addressing an as-yet unspecified problem in Windows 7 and Windows Server 2008 R2 introduced last month by MS10-053.
Finally, another update (KB2141007), which is specified as “non-security” but sure seems security-related to me, “strengthen[s] authentication credentials in specific scenarios.” This last fix will apply to Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP.