Security 10745 Published by

Microsoft has updated the following security bulletins:

- MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) - Version:1.1
- MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) - Version:1.1
- MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) - Version:1.1
- MS10-054 - Critical: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) - Version:1.1
- MS10-050 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) - Version:1.1
- MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:2.3



MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (August 11, 2010): Added a link to Microsoft Knowledge Base Article 2265906 under Known Issues in the Executive Summary. Also corrected the entries for Microsoft Silverlight in the Non-Affected Software table and the workarounds for Microsoft Silverlight Memory Corruption Vulnerability - CVE-2010-0019.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario.
Read more

MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (August 11, 2010): Added a link to Microsoft Knowledge Base Article 2269707 under Known Issues in the Executive Summary.

Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (August 11, 2010): Corrected the update package names for Microsoft Office Word Viewer and Microsoft Office Compatibility Pack in the deployment reference tables. This is an informational change only. There were no changes to the security update files or detection logic.

Summary: This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-054 - Critical: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (August 11, 2010): Corrected the security impact for Windows Server 2003, Windows 7, and Windows Server 2008 R2 for SMB Pool Overflow Vulnerability - CVE-2010-2550. This is an informational change only.

Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Read more

MS10-050 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (August 11, 2010): Added a link to Microsoft Knowledge Base Article 981997 under Known Issues in the Executive Summary.

Summary: This security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:2.3
Severity Rating: Important - Revision Note: V2.3 (August 11, 2010): Removed Windows Movie Maker 2.6 as an affected component on Windows 7.

Summary: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more