Microsoft Security Updates: June 8th 2010
Security Updates
Update: MS10-032/KB979559
Type: Important
Affected Systems: 2000, XP, 2003, Vista, 7, 2008, 2008 R2
What it does: A trio of bugs in the Windows kernel can let malformed fonts be used for escalation of privileges attacks. It would be a bit hard to sneak a font onto the system without some sort of install privileges anyway, which is why this patch can wait until your next patch cycle.
Size: 1.0MB – 4.3MB
Update: MS10-033/KB979902
Type: Critical
Affected Systems: 2000, XP, Vista, 7, 2003, 2008, 2008 R2
What it does: This patch addresses a pair of vulnerabilities in Windows’ media subsystem which allow specially crafted media files and streaming content to carry out remote code execution attacks. One of the vulnerabilities is less serious than the other, but you should patch your systems immediately all the same. Depending on your system, you may need to install up to four separate patches to address the issues.
Size: 105KB – 4.8MB
Update: MS10-034/KB980195
Type: Critical (2000, XP, Vista, 7)/Moderate (2003, 2008, 2008 R2)
Affected Systems: 2000, XP, Vista, 7, 2003, 2008, 2008 R2
What it does: This patch updates the ActiveX kill bits and fixes two bugs in ActiveX that could allow remote code execution attacks. If you allow ActiveX on your desktops (which you shouldn’t, other than for internal sites), install this immediately; otherwise, wait until your next patch cycle.
Size: 26KB – 1.0MB
Update: MS10-035/KB982381
Type: Critical
Affected Systems: 2000, XP, Vista, 7, 2003, 2008, 2008 R2
What it does: Five security holes in Internet Explorer 5, 6, 7, and 8 which can allow remote code execution attacks are fixed with this cumulative update. Some of them are rated as “Moderate” but I don’t see any specific combination of IE version and OS that does not make it “critical.” I would install this patch immediately.
Size: 3.3MB – 48.4MB
Update: MS10-036/KB983235
Type: Important
Affected Systems: Office XP, Office 2003, Office 2007
What it does: COM validation in Office has a bug which can allow remote code execution attacks. Since you should not be allowing COM to be running in Office from outside sources, this is a less risky bug than it could be. Patch your systems at the next scheduled time.
Size: 2.9MB – 15.5MB
Update: MS10-037/KB980218
Type: Important
Systems Affected: 2000, XP, Vista, 7, 2003, 2008, 2008 R2
What it does: Another font handling issue is allowing escalation of privileges attacks across all versions of Windows. Like MS10-032, this one can wait until your next regular patch period.
Size: 496KB – 1.3MB
Update: MS10-038/KB2027452
Type: Important
Systems Affected: Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Office 2007 File Formats
What it does: A whopping fourteen security bugs in the way Microsoft Office opens files are fixed with this patch. The worst can result in remote code execution attacks. Microsoft says this one is “Important” but I call it “Critical” due to the widespread use of Office, and I suggest that you patch immediately.
Size: 9.7MB – 332.8MB
Update: MS10-039/KB980218
Type: Important
Systems Affected: InfoPath 2003, InfoPath 2007, Office SharePoint Server 2007, Windows SharePoint Services 2.0
What it does: Three problems with SharePoint are fixed with this patch. The issues allow an attacker to perform a variety of attacks, including an escalation of privileges attack if a SharePoint user clicks on a malformed link in SharePoint. This is not a burning issue and the patch can wait until your usual patch time.
Size: 2.9MB – 109.3MB
Update: MS10-040/KB982666
Type: Important
Systems Affected: Vista, 7, 2003, 2008, 2008 R2
What it does: Computers running IIS 6, 7, and 7.5 are vulnerable to a remote code execution attack that will run with full privileges when an attacker sends a malformed HTTP request. Microsoft calls this patch “Important” but I think that understates the issue for servers. I would patch servers immediately, and leave desktops for the regular patch cycle.
Size: 43KB – 4.0MB
Update: MS10-041/KB981343
Type: Important
Systems Affected: 2000, XP, Vista, 7, 2003, 2008, 2008 R2
What it does: A problem affecting all versions of the .NET Framework’s handling of signed XML content could allow the data to be altered without being detected. This is a fairly minor issue, so this patch can wait until you do your normal patching.
Size: 123KB – 2.2MB
Update: KB982167/KB982168/KB982532/KB98253/KB982535/KB982536
Type: Important
Systems Affected: Windows Server 2003, 2008, XP, Vista
What it does: Updates .NET Framework 2.0 or 3.0
Size: 116KB – 2.0MB