Security 10745 Published by

Microsoft has updated the following security bulletins:

- MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) - Version:1.3
- MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) - Version:1.1
- MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) - Version:1.2
- MS09-040 - Important: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) - Version:1.1



MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) - Version:1.3
Severity Rating: Important - Revision Note: V1.3 (June 30, 2010): Corrected the registry key verification for Microsoft .NET Framework 3.5 and Microsoft .NET Framework 2.0 Service Pack 2.

Summary: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Read more

MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (June 30, 2010): Added a link to Microsoft Knowledge Base Article 982666 under Known Issues in the Executive Summary to address the issue where specific installations of IIS fail on restart after installing this security update.

Summary: This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Read more

MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) - Version:1.2
Severity Rating: Important - Revision Note: V1.2 (June 30, 2010): Added a link to Microsoft Knowledge Base Article 2027452 under Known Issues in the Executive Summary.

Summary: This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS09-040 - Important: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (June 30, 2010): Added a link to Microsoft Knowledge Base Article 971032 under Known Issues in the Executive Summary.

Summary: This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.
Read more