November '10 Patch Tuesday Detailed
Earlier this week Microsoft announced that this month, as part of the Patch Tuesday program (updates and patches are released for Microsoft products every second Tuesday of the month), it will roll out 3 security bulletins that will address a total of 11 vulnerabilities. The vulnerabilities in question plague Microsoft Forefront Unified Access Gateway and the Microsoft Office productivity suite. All we knew until now was that out of these 3 security bulletins one carries the “critical” rating (the highest severity rating used by Microsoft) while the other two bulletins are classified as “important”.
Redmond-based software giant has now released additional details on these security bulletins. Keep reading to find out more about the 3 security bulletins Microsoft released as part of the November 2010 Patch Tuesday:
MS10-087
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Severity rating: Critical
Impact: Remote code execution
Description: One publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Affected software: all currently supported Microsoft Office products.
MS10-088
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
Severity rating: Important
Impact: Remote code execution
Description: Two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
Affected software: Microsoft Office
MS10-089
Title: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege
Severity rating: Important
Impact: Elevation of Privilege
Description: Four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Affected software: Microsoft Forefront United Access Gateway.
The Microsoft Security Response Center (MSRC) has provided this visual representation of the November 2010 Patch Tuesday.
Redmond-based software giant has now released additional details on these security bulletins. Keep reading to find out more about the 3 security bulletins Microsoft released as part of the November 2010 Patch Tuesday:
MS10-087
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Severity rating: Critical
Impact: Remote code execution
Description: One publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Affected software: all currently supported Microsoft Office products.
MS10-088
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
Severity rating: Important
Impact: Remote code execution
Description: Two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
Affected software: Microsoft Office
MS10-089
Title: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege
Severity rating: Important
Impact: Elevation of Privilege
Description: Four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Affected software: Microsoft Forefront United Access Gateway.
The Microsoft Security Response Center (MSRC) has provided this visual representation of the November 2010 Patch Tuesday.
