August '10 Patch Tuesday Detailed
Article by George Norman
On 11 Aug 2010
Microsoft recently announced that during this month’s patch Tuesday it would release a record number of security bulletins. To be more precise, the Redmond-based software giant announced it would roll out 14 security bulletins – these 14 security bulletins are meant to plug a grand total of 34 vulnerabilities that plague the company’s Windows operating system, the Office productivity suite, the Internet Explorer web browser, and the Silverlight web application framework.

Until now all we know was that out of the 14 security bulletins, 8 have been deemed critical while 6 have been classified as important. Microsoft has now released additional information about these bulletins; here is the info that Microsoft made public:

Advertising

Title: MS10-049 Vulnerabilities in SChannel Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: One publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. An attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
Most likely attack vector: Victim browses to a malicious https website.
Affected software: Microsoft Windows

Title: MS10-051 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
Most likely attack vector: Victim browses to a malicious website.
Affected software: Microsoft Windows

Title: MS10-052 Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
Rating: Critical (remote code execution).
Description: A privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Most likely attack vector: Victim browses to a malicious webpage or opens a malicious ASX file with Media Player.
Affected software: Microsoft Windows

Title: MS10-053 Cumulative Security Update for Internet Explorer
Rating: Critical (remote code execution)
Description: Six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Most likely attack vector: Victim browses to a malicious website.
Affected software: Microsoft Windows, Internet Explorer

Title: MS10-054 Vulnerabilities in SMB Server Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: Several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.
Most likely attack vector: Windows XP system compromised via over-the-network SMB packet.
Affected software: Microsoft Windows

Title: MS10-055 Vulnerability in Cinepak Codec Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: A privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Most likely attack vector: Victim browses to a malicious webpage or opens a malicious AVI movie with Media Player.
Affected software: Microsoft Windows

Title: MS10-056 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: Four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Most likely attack vector: Victim opens malicious RTF file using Microsoft Word or views RTF email using Outlook 2007.
Affected software: Microsoft Office

Title: MS10-060 Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario.
Most likely attack vector: Victim browses to a malicious webpage.
Affected software: Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

Title: MS10-047 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Rating: Important (elevation of privilege)
Description: Several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level.
Affected software: Microsoft Windows

Title: MS10-048 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Rating: Important (elevation of privilege)
Description: One publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level.
Affected software: Microsoft Windows

Title: MS10-050 Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
Rating: Important (remote code execution)
Description: A privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file.
Most likely attack vector: Victim opens malicious MSWMM file sent via email or downloaded via website.
Affected software: Microsoft Windows

Title: MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
Rating: Important (remote code execution)
Description: A privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Most likely attack vector: Victims opens malicious XLS file sent via email or downloaded via website.
Affected software: Microsoft Office

Title: MS10-058 Vulnerabilities in TCP/IP Could Allow Elevation of Privilege
Rating
: Important (elevation of privilege)
Description: Two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Most likely attack vector: Remote attacker causes victim machine to bugcheck. Attacker logged-in to machine locally exploits vulnerability to elevate to a higher privilege level.
Affected software: Microsoft Windows

Title: MS10-059 Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege
Rating
: Important (elevation of privilege)
Description: One publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level.
Affected software: Microsoft Windows

The Microsoft Security Response Center (MSRC) has provided these visual representations of the August 2010 Patch Tuesday update.







Tags: Microsoft, Patch Tuesday
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 19 Jun 2017
Don’t worry. I’m not going to rehash all those facts that everyone already knows about Bill Gates, like how he got arrested for driving without a license, that he is a college dropout, and that he plans to give most of his fortune to charity.
By George Norman on 31 Jul 2017
Microsoft has a new keyboard to offer: the new, premium quality Microsoft Modern Keyboard with Fingerprint ID. If you’re not familiar with it, then keep on reading and you’ll uncover pretty much everything there is to know about this keyboard.
By George Norman on 18 Jul 2017
Sure, text remains the main method of communicating with others when using a messenger application like Skype, but if you really want to get the message across, using an emoticon, emoji or sticker can’t hurt.
By George Norman on 07 Jun 2017
Yes, I know that the global PC market is in a downwards spiral for its nth quarter and that mobile usage is on the rise. Still, I argue that a desktop PC is better than all the other alternatives.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
August '10 Patch Tuesday Detailed
HTML Linking Code