Microsoft has just released a record security update consisting of 14 bulletins that address 34 vulnerabilities, four of them listed as high priority, eight rated “critical” and six “important.”
The software to be patched is: Microsoft Windows, Microsoft Office, Microsoft Internet Explorer, Microsoft Silverlight, Microsoft XML Core Services and Server Message Block.
Only one of the 14 patches fixed an issue that had been publicly known. MS10-049 fixed a vulnerability affecting the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, first reported last year. The bug could have permitted a man-in-the-middle attack “to introduce and execute a request in the protected TLS/SSL session between a client and a server,” according to Microsoft’s advisory in February.
Additionally, Microsoft released a new security advisory to address a privilege-escalation vulnerability that endangers the Windows Service Isolation feature.
“This will be the most bulletins we have ever released in a month,” said Angela Gunn, security response communications manager at Microsoft.
The 8 critical updates include:
- MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution—Two vulnerabilities are fixed in this update, one of them rather old and famous. CVE-2009-3555, the TLS/SSL Renegotiation Vulnerability, was first disclosed late last year. This is a spoofing attack which could allow an attacker to insert traffic into a TLS session. The other bug is in SChannel, in the client validation of certificate requests. On Windows XP and Server 2003 a malicious web site could cause remote code execution in the client.
- MS10-051: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution—Version 3.0 of Microsoft XML Core Services (the current version is 6.0) is vulnerable to a memory corruption error which could lead to remote code execution on all versions of Windows, but is only rated Critical on client versions.
- MS10-052: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution—The DirectShow MP3 filter on Windows XP and Server 2003 could allow remote code execution through a malicious audio file.
- MS10-053: Cumulative Security Update for Internet Explorer—6 vulnerabilities are fixed in this update to IE. All versions on all platforms have at least one critical vulnerability fixed in this update.
- MS10-054: Vulnerabilities in SMB Server Could Allow Remote Code Execution—This update fixes 3 vulnerabilities, the first of which (CVE-2010-2550) is much more severe and interesting than the others, which only allow denial of service. CVE-2010-2550 allows remote code execution through an unauthenticated network attack on Windows XP, Server 2003, Windows 7 and Windows Server 2008 R2. On Vista and Windows Server 2008 it only allows elevation of privilege. Firewalls would normally block SMB packets, certainly unsolicited ones, from the outside, but an infected system inside the network might be able to attack peers. In Vista and Windows 7, if the network profile is set to “Public” the system is not affected. Microsoft does state that only inconsistent exploit code is likely, and that “Exploitation is more likely to result in a denial of service rather than code execution.”
- MS10-055: Vulnerability in Cinepak Codec Could Allow Remote Code Execution—The Cinepak codec on client versions of Windows has a remote code execution vulnerability in the decompression of some files.
- MS10-056: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution—4 vulnerabilities in Microsoft Word affect all versions, including viewers, except for Office 2010. Strangely, only Word 2007 is rated Critical.
- MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution—Vulnerabilities in Silverlight have been rare. This update includes one which affects some versions of Silverlight and another which affects both Silverlight and some versions of .NET.