MSRC July 2010 Security Bulletin Release Overview
As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office.
MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003. Even though this issue affects Server 2003, we have not found an attack vector on that platform so the severity rating is Low. Windows XP customers should install this update as soon as possible.
MS10-043 resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause a Denial of Service (DoS). Note that this bulletin affects only 64-bit versions of Windows 7 and Windows Server 2008 R2 with Windows Aero enabled. Aero is not installed by default on Server 2008 R2. We are not aware of any active attacks against this issue.
MS10-044 resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. This issue could allow remote code execution if a customer with Access installed opened a specially crafted Office file, or viewed a Web page that instantiated Access ActiveX controls. This security update is rated Critical for supported editions of Microsoft Office Access 2003 and Microsoft Office Access 2007.
MS10-045 This security update resolves another privately reported vulnerability that could allow remote code execution if a customer opened an attachment in a specially crafted e-mail message using an affected version of Outlook -- Microsoft Outlook 2002, Microsoft Office Outlook 2003, or Microsoft Office Outlook 2007.
Published Date: July 13, 2010
Presented By: Trustworthy Computing
Tags: TechNet Edge , Zune , iPod , Security , MSRC , Trustworthy Computing , TwC , Security Bulletin , English , HomePage