June '10 Patch Tuesday Detailed
A few days ago Redmond-based software giant announced that on Patch Tuesday it would be rolling out 10 security bulletins that plug a total of 34 vulnerabilities that plague the Windows operating system, the Microsoft Office productivity suite, and the Internet Explorer web browser. This month’s Patch Tuesday has come and gone, which means we now have more details on the security bulletins Microsoft released. Here are those details:
Title: MS10-033 Vulnerabilities in Media Decompression Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: Two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.
Most likely attack vector: Victim browses to a malicious webpage or opens a malicious AVI movie with Media Player.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3
Title: MS10-034 Cumulative Security Update of ActiveX Kill Bits
Rating: Critical
Description: Two privately reported vulnerabilities for Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. This update also includes kill bits for four third-party ActiveX controls. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2.
Most likely attack vector: Victim browses to a malicious webpage.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
Title: MS10-035 Cumulative Security Update for Internet Explorer
Rating: Critical
Description: Five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Most likely attack vector: Victim browses to a malicious webpage.
Affected software:
- Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 4)
- Microsoft Internet Explorer 6 (Windows Server 2003 Service Pack 2)
- Microsoft Internet Explorer 6 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft Internet Explorer 6 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft Internet Explorer 6 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft Internet Explorer 6 (Windows XP Service Pack 2)
- Microsoft Internet Explorer 6 (Windows XP Service Pack 3)
- Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
- Microsoft Internet Explorer 7 (Windows Server 2003 Service Pack 2)
- Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems)
- Microsoft Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems)
- Microsoft Internet Explorer 7 (Windows Server 2008 for x64-based Systems)
- Microsoft Internet Explorer 7 (Windows XP Service Pack 2 and Windows XP Service Pack 3)
- Microsoft Internet Explorer 7 (Windows XP Service Pack 3)
- Microsoft Internet Explorer 8 (Windows Server 2008 for 32-bit Systems)
- Microsoft Internet Explorer 8 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft Internet Explorer 8 (Windows Server 2008 R2 for Itanium-based Systems)
- Microsoft Internet Explorer 8 (Windows XP Professional x64 Edition Service Pack 2)
- Windows Internet Explorer 7 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Windows Internet Explorer 7 (Windows Server 2003 x64 Edition Service Pack 2)
- Windows Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Windows Internet Explorer 7 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Windows Internet Explorer 7 (Windows Vista Service Pack 1)
- Windows Internet Explorer 7 (Windows Vista Service Pack 2)
- Windows Internet Explorer 7 (Windows Vista x64 Edition Service Pack 1)
- Windows Internet Explorer 7 (Windows Vista x64 Edition Service Pack 2)
- Windows Internet Explorer 7 (Windows XP Professional x64 Edition Service Pack 2)
- Windows Internet Explorer 8 (Windows 7 for 32-bit Systems)
- Windows Internet Explorer 8 (Windows 7 for x64-based Systems)
- Windows Internet Explorer 8 (Windows Server 2003 Service Pack 2)
- Windows Internet Explorer 8 (Windows Server 2003 x64 Edition Service Pack 2)
- Windows Internet Explorer 8 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Windows Internet Explorer 8 (Windows Server 2008 for x64-based Systems)
- Windows Internet Explorer 8 (Windows Server 2008 R2 for x64-based Systems)
- Windows Internet Explorer 8 (Windows Vista Service Pack 1)
- Windows Internet Explorer 8 (Windows Vista Service Pack 2)
- Windows Internet Explorer 8 (Windows Vista x64 Edition Service Pack 1)
- Windows Internet Explorer 8 (Windows Vista x64 Edition Service Pack 2)
- Windows Internet Explorer 8 (Windows XP Service Pack 2)
- Windows Internet Explorer 8 (Windows XP Service Pack 3)
Title: MS10-032 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Rating: Important
Description: Two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
Most likely attack vector: Attacker already running code with low privileges on a vulnerable machine runs a malicious EXE to elevate to a higher privilege level.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3
Title: MS10-036 Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution
Rating: Important
Description: A privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail.
Most likely attack vector: Victim opens a malicious Office document that instantiates an ActiveX control to result in code execution.
Affected software: Microsoft Office
- 2007 Microsoft Office System Service Pack 1
- 2007 Microsoft Office System Service Pack 2
- Microsoft Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office 2003 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office PowerPoint 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office PowerPoint 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office PowerPoint 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office PowerPoint 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office PowerPoint 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Publisher 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Publisher 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Publisher 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Publisher 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Publisher 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Visio 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Visio 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Visio 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Visio 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Visio 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Word 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Word 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Word 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Word 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Word 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office XP Service Pack 3
- Microsoft Visio 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
Title: MS10-037 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege
Rating: Important
Description: A privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Most likely attack vector: Local user running at low privileges on a vulnerable machine runs a malicious EXE to elevate to a higher privilege level.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
Title: MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
Rating: Important
Description: Fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Most likely attack vector: Victim opens a malicious XLS file that exploits a vulnerability to run arbitrary code.
Affected software: Microsoft Office
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
- Microsoft Office Excel 2002 Service Pack 3 (Microsoft Office XP Service Pack 3)
- Microsoft Office Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Excel Viewer Service Pack 1
- Microsoft Office Excel Viewer Service Pack 2
- Open XML File Format Converter for Mac
Title: MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
Rating: Important
Description: One publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Most likely attack vector: Victim clicks an attacker-sent link to a Sharepoint server on which they have administrative rights. Attacker-supplied link causes them to take an automatic action on the Sharepoint Server.
Affected software: Microsoft Office, Microsoft Server Software
- Microsoft Office InfoPath 2003 Service Pack 3
- Microsoft Office InfoPath 2007 Service Pack 1
- Microsoft Office InfoPath 2007 Service Pack 2
- Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
- Microsoft Windows SharePoint Services 3.0 Service Pack 1 (32-bit version)
- Microsoft Windows SharePoint Services 3.0 Service Pack 1 (64-bit version)
- Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit version)
- Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit version)
Title: MS10-040 Vulnerability in Internet Information Services Could Allow Remote Code Execution
Rating: Important
Description: A privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Most likely attack vector: Attacker connects remotely over HTTP to IIS server that has installed the (optional) Channel Binding Update and has enabled (off-by-default) Windows Authentication.
Affected software: Microsoft Windows
- Internet Information Services 7.0 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Internet Information Services 7.0 (Windows Server 2008 for 32-bit Systems)
- Internet Information Services 7.0 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Internet Information Services 7.0 (Windows Server 2008 for Itanium-based Systems)
- Internet Information Services 7.0 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Internet Information Services 7.0 (Windows Server 2008 for x64-based Systems)
- Internet Information Services 7.0 (Windows Vista Service Pack 1)
- Internet Information Services 7.0 (Windows Vista Service Pack 2)
- Internet Information Services 7.0 (Windows Vista x64 Edition Service Pack 1)
- Internet Information Services 7.0 (Windows Vista x64 Edition Service Pack 2)
- Internet Information Services 7.5 (Windows 7 for 32-bit Systems)
- Internet Information Services 7.5 (Windows 7 for x64-based Systems)
- Internet Information Services 7.5 (Windows Server 2008 R2 for Itanium-based Systems)
- Internet Information Services 7.5 (Windows Server 2008 R2 for x64-based Systems)
- Microsoft Internet Information Services 6.0 (Windows Server 2003 Service Pack 2)
- Microsoft Internet Information Services 6.0 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft Internet Information Services 6.0 (Windows Server 2003 x64 Edition Service Pack 2)
Title: MS10-041 Vulnerability in Microsoft .NET Framework Could Allow Tampering
Rating: Important
Description: A publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application.
Most likely attack vector: Custom .NET applications that rely on XML signature protection as tamper protection could be tampered with in an undetected manner.
Affected software: Microsoft Windows, Microsoft .NET Framework
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Service Pack 2)
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Service Pack 3)
- Microsoft .NET Framework 1.1 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for Itanium-based Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista x64 Edition Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows XP Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows XP Service Pack 3)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Server 2008 for Itanium-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 2 (Microsoft Windows 2000 Service Pack 4)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for Itanium-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista x64 Edition Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows XP Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 3.5 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 3.5 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 3.5 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 3.5 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 3.5 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows XP Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows XP Service Pack 3)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows XP Service Pack 3)
- Microsoft .NET Framework 3.5.1 (Windows 7 for 32-bit Systems)
- Microsoft .NET Framework 3.5.1 (Windows 7 for x64-based Systems)
- Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 for Itanium-based Systems)
- Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 for x64-based Systems)
The Microsoft Security Response Center (MSRC) has provided these visual representations of the June 2010 Patch Tuesday update.
Title: MS10-033 Vulnerabilities in Media Decompression Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Description: Two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.
Most likely attack vector: Victim browses to a malicious webpage or opens a malicious AVI movie with Media Player.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3
Title: MS10-034 Cumulative Security Update of ActiveX Kill Bits
Rating: Critical
Description: Two privately reported vulnerabilities for Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. This update also includes kill bits for four third-party ActiveX controls. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2.
Most likely attack vector: Victim browses to a malicious webpage.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
Title: MS10-035 Cumulative Security Update for Internet Explorer
Rating: Critical
Description: Five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Most likely attack vector: Victim browses to a malicious webpage.
Affected software:
- Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 4)
- Microsoft Internet Explorer 6 (Windows Server 2003 Service Pack 2)
- Microsoft Internet Explorer 6 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft Internet Explorer 6 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft Internet Explorer 6 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft Internet Explorer 6 (Windows XP Service Pack 2)
- Microsoft Internet Explorer 6 (Windows XP Service Pack 3)
- Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
- Microsoft Internet Explorer 7 (Windows Server 2003 Service Pack 2)
- Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems)
- Microsoft Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems)
- Microsoft Internet Explorer 7 (Windows Server 2008 for x64-based Systems)
- Microsoft Internet Explorer 7 (Windows XP Service Pack 2 and Windows XP Service Pack 3)
- Microsoft Internet Explorer 7 (Windows XP Service Pack 3)
- Microsoft Internet Explorer 8 (Windows Server 2008 for 32-bit Systems)
- Microsoft Internet Explorer 8 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft Internet Explorer 8 (Windows Server 2008 R2 for Itanium-based Systems)
- Microsoft Internet Explorer 8 (Windows XP Professional x64 Edition Service Pack 2)
- Windows Internet Explorer 7 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Windows Internet Explorer 7 (Windows Server 2003 x64 Edition Service Pack 2)
- Windows Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Windows Internet Explorer 7 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Windows Internet Explorer 7 (Windows Vista Service Pack 1)
- Windows Internet Explorer 7 (Windows Vista Service Pack 2)
- Windows Internet Explorer 7 (Windows Vista x64 Edition Service Pack 1)
- Windows Internet Explorer 7 (Windows Vista x64 Edition Service Pack 2)
- Windows Internet Explorer 7 (Windows XP Professional x64 Edition Service Pack 2)
- Windows Internet Explorer 8 (Windows 7 for 32-bit Systems)
- Windows Internet Explorer 8 (Windows 7 for x64-based Systems)
- Windows Internet Explorer 8 (Windows Server 2003 Service Pack 2)
- Windows Internet Explorer 8 (Windows Server 2003 x64 Edition Service Pack 2)
- Windows Internet Explorer 8 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Windows Internet Explorer 8 (Windows Server 2008 for x64-based Systems)
- Windows Internet Explorer 8 (Windows Server 2008 R2 for x64-based Systems)
- Windows Internet Explorer 8 (Windows Vista Service Pack 1)
- Windows Internet Explorer 8 (Windows Vista Service Pack 2)
- Windows Internet Explorer 8 (Windows Vista x64 Edition Service Pack 1)
- Windows Internet Explorer 8 (Windows Vista x64 Edition Service Pack 2)
- Windows Internet Explorer 8 (Windows XP Service Pack 2)
- Windows Internet Explorer 8 (Windows XP Service Pack 3)
Title: MS10-032 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Rating: Important
Description: Two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
Most likely attack vector: Attacker already running code with low privileges on a vulnerable machine runs a malicious EXE to elevate to a higher privilege level.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3
Title: MS10-036 Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution
Rating: Important
Description: A privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail.
Most likely attack vector: Victim opens a malicious Office document that instantiates an ActiveX control to result in code execution.
Affected software: Microsoft Office
- 2007 Microsoft Office System Service Pack 1
- 2007 Microsoft Office System Service Pack 2
- Microsoft Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office 2003 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office PowerPoint 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office PowerPoint 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office PowerPoint 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office PowerPoint 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office PowerPoint 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Publisher 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Publisher 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Publisher 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Publisher 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Publisher 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Visio 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Visio 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Visio 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Visio 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Visio 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Word 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Word 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Word 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Word 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Word 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office XP Service Pack 3
- Microsoft Visio 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
Title: MS10-037 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege
Rating: Important
Description: A privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Most likely attack vector: Local user running at low privileges on a vulnerable machine runs a malicious EXE to elevate to a higher privilege level.
Affected software: Microsoft Windows
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
Title: MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
Rating: Important
Description: Fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Most likely attack vector: Victim opens a malicious XLS file that exploits a vulnerability to run arbitrary code.
Affected software: Microsoft Office
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
- Microsoft Office Excel 2002 Service Pack 3 (Microsoft Office XP Service Pack 3)
- Microsoft Office Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 1)
- Microsoft Office Excel 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
- Microsoft Office Excel Viewer Service Pack 1
- Microsoft Office Excel Viewer Service Pack 2
- Open XML File Format Converter for Mac
Title: MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
Rating: Important
Description: One publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Most likely attack vector: Victim clicks an attacker-sent link to a Sharepoint server on which they have administrative rights. Attacker-supplied link causes them to take an automatic action on the Sharepoint Server.
Affected software: Microsoft Office, Microsoft Server Software
- Microsoft Office InfoPath 2003 Service Pack 3
- Microsoft Office InfoPath 2007 Service Pack 1
- Microsoft Office InfoPath 2007 Service Pack 2
- Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
- Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
- Microsoft Windows SharePoint Services 3.0 Service Pack 1 (32-bit version)
- Microsoft Windows SharePoint Services 3.0 Service Pack 1 (64-bit version)
- Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit version)
- Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit version)
Title: MS10-040 Vulnerability in Internet Information Services Could Allow Remote Code Execution
Rating: Important
Description: A privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Most likely attack vector: Attacker connects remotely over HTTP to IIS server that has installed the (optional) Channel Binding Update and has enabled (off-by-default) Windows Authentication.
Affected software: Microsoft Windows
- Internet Information Services 7.0 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Internet Information Services 7.0 (Windows Server 2008 for 32-bit Systems)
- Internet Information Services 7.0 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Internet Information Services 7.0 (Windows Server 2008 for Itanium-based Systems)
- Internet Information Services 7.0 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Internet Information Services 7.0 (Windows Server 2008 for x64-based Systems)
- Internet Information Services 7.0 (Windows Vista Service Pack 1)
- Internet Information Services 7.0 (Windows Vista Service Pack 2)
- Internet Information Services 7.0 (Windows Vista x64 Edition Service Pack 1)
- Internet Information Services 7.0 (Windows Vista x64 Edition Service Pack 2)
- Internet Information Services 7.5 (Windows 7 for 32-bit Systems)
- Internet Information Services 7.5 (Windows 7 for x64-based Systems)
- Internet Information Services 7.5 (Windows Server 2008 R2 for Itanium-based Systems)
- Internet Information Services 7.5 (Windows Server 2008 R2 for x64-based Systems)
- Microsoft Internet Information Services 6.0 (Windows Server 2003 Service Pack 2)
- Microsoft Internet Information Services 6.0 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft Internet Information Services 6.0 (Windows Server 2003 x64 Edition Service Pack 2)
Title: MS10-041 Vulnerability in Microsoft .NET Framework Could Allow Tampering
Rating: Important
Description: A publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application.
Most likely attack vector: Custom .NET applications that rely on XML signature protection as tamper protection could be tampered with in an undetected manner.
Affected software: Microsoft Windows, Microsoft .NET Framework
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Service Pack 2)
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Service Pack 3)
- Microsoft .NET Framework 1.1 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for Itanium-based Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows Vista x64 Edition Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows XP Service Pack 2)
- Microsoft .NET Framework 1.1 Service Pack 1 (Windows XP Service Pack 3)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Server 2008 for Itanium-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 1 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 2 (Microsoft Windows 2000 Service Pack 4)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for Itanium-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows Vista x64 Edition Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 2.0 Service Pack 2 (Windows XP Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 3.5 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 3.5 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 3.5 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 3.5 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 3.5 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows XP Service Pack 2)
- Microsoft .NET Framework 3.5 (Windows XP Service Pack 3)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2003 Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2003 with SP2 for Itanium-based Systems)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2003 x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for 32-bit Systems Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for 32-bit Systems)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for x64-based Systems Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 for x64-based Systems)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista Service Pack 1)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista x64 Edition Service Pack 1)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows Vista x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows XP Professional x64 Edition Service Pack 2)
- Microsoft .NET Framework 3.5 Service Pack 1 (Windows XP Service Pack 3)
- Microsoft .NET Framework 3.5.1 (Windows 7 for 32-bit Systems)
- Microsoft .NET Framework 3.5.1 (Windows 7 for x64-based Systems)
- Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 for Itanium-based Systems)
- Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 for x64-based Systems)
The Microsoft Security Response Center (MSRC) has provided these visual representations of the June 2010 Patch Tuesday update.
