Security 10745 Published by

Microsoft just updated the following 3 security bulletins:

- MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) - Version:1.4
- MS10-024 - Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) - Version:2.0
- MS10-021 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) - Version:1.1



MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) - Version:1.4
Severity Rating: Important - Revision Note: V1.4 (July 13, 2010): Revised this bulletin to announce an installation logic change to the updates for Microsoft .NET Framework 1.1 Service Pack 1 (KB979906) and Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 (KB979909). This is an installation logic change only that does not affect the update files contained in the initial update. Customers who have successfully updated their systems do not need to reinstall this update.

Summary: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Read more

MS10-024 - Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) - Version:2.0
Severity Rating: Important - Revision Note: V2.0 (July 13, 2010): Rereleased bulletin to reoffer the updates for Windows Server 2008 and Windows Server 2008 R2 to address the known issue listed in KB 976323.

Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.
Read more

MS10-021 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (July 13, 2010): Added an entry in the Update FAQ to announce a detection change to the update for Windows 7 for 32-bit Systems. This is a detection change only. There were no changes to the security update files in this bulletin. Customers who have already installed the update successfully do not need to reinstall.

Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Read more