MSRC

Month Archives: June 2010

Monthly Security Bulletin Webcast Q&A - June 2010

Friday, June 11, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead
Jerry Bryant, Group Manager, Response Communications
Website: TechNet/security
Chat Topic: June 2010 Security Bulletin Release
Date: Tuesday, June 8, 2010

Q: The .NET updates are only a security update, correct? Not a service pack or rollup, right?
A: The June Security Bulletin release had one security bulletin, MS10-041, for the .

Help and Support Center vulnerability full-disclosure posting

Thursday, June 10, 2010

Yesterday evening, one of Google’s security researchers publicly released vulnerability details and a working exploit for an unpatched vulnerability in Windows XP and Windows Server 2003. This afternoon, we’ve released security advisory 2219475 with official guidance. We’d like to use this blog entry to share more details about the issue and ways you can protect yourself.

Security Advisory 2219475 Released

Thursday, June 10, 2010

Hello - We have released Security Advisory 2219475, addressing the vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. We are not aware of any active attacks at this time. Customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack.

Assessing the risk of the June Security Bulletins

Tuesday, June 08, 2010

Today we released ten security bulletins. Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index Rating | Likely first 30 days impact | Platform mitigations and key notes
MS10-035 (IE) | Victim browses to a malicious webpage.

June 2010 Security Bulletin Release

Tuesday, June 08, 2010

Hi everyone,

Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these bulletins get our maximum severity rating of Critical.

MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Tuesday, June 08, 2010

Today we released a security update rated Important for CVE-2010-1255 in MS10-032. This vulnerability affects the win32k.sys driver. This blog post provides more information about this vulnerability that can help with prioritizing the deployment of updates this month.

What’s the risk?

A local attacker could write a custom user-mode attack application that passes a bad buffer to win32k.