MA-238.072010: MyCERT Alert - Latest Patch for Microsoft Vulnerabilities (July 2010)
Date of publication: 2010-07-14

1.0 Introduction

Microsoft is releasing four security bulletins, MS10-042, MS10-043, MS10-044 and MS10-045, to address two vulnerabilities in Microsoft Windows and two in Microsoft Office. Three of the vulnerabilities are rated Critical and one is rated Important. As always, we recommend that customers test and deploy these security updates as soon as possible.

2.0 The list of the critical vulnerabilities is as below:

1. Vulnerability in Help and Support Center Could Allow Remote Code Execution

This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.

Security Bulletin: http://go.microsoft.com/fwlink/?LinkId=194729

Affected Products
The detailed list of vulnerable products and versions is as below:
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems

2. Vulnerability in Canonical Display Driver Could Allow Remote Code Execution

This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.

Security Bulletin: http://go.microsoft.com/fwlink/?LinkId=194164

Affected Products
The detailed list of vulnerable products and versions is as below:
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems

3. Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution

This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Security Bulletin: http://go.microsoft.com/fwlink/?LinkId=195244

Affected Products
The detailed list of vulnerable products and versions is as below:
- Microsoft Office Access 2003 Service Pack 3
- Microsoft Office Access 2007 Service Pack 1
- Microsoft Office Access 2007 Service Pack 2

4. Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution

This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Security Bulletin: http://go.microsoft.com/fwlink/?LinkId=178810

Affected Products
The detailed list of vulnerable products and versions is as below:
- Microsoft Office Outlook 2002 Service Pack 3
- Microsoft Office Outlook 2003 Service Pack 3
- Microsoft Office Outlook 2007 Service Pack 1
- Microsoft Office Outlook 2007 Service Pack 2

3.0 Recommendations

Users are recommended to perform the update immediately. All of the patches can be applied almost automatically via the Windows Update application. Instructions for performing a Windows Update are available at the following URL:

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor.

For further enquiries, MyCERT can be reached through the following channels:
E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

4.0 References