Today we releasedfourteen security bulletins. Eight have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. Furthermore, six of the fourteen bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploit-ability Index | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS10-055 (Cinepak) | Victim browses to a malicious webpage or opens a malicious AVI movie with Media Player. | Critical | 1 | Likely to see an exploit released able to exploit the vulnerability in the Cinepak codec. | Vulnerable DLL does not exist on Windows Server 2003 or Windows Server 2008. |
| MS10-052(MPEG-3) | Victim browses to a malicious webpage or opens a malicious ASX file with Media Player. | Critical | 1 | Likely to see an exploit released able to exploit the vulnerability in MPEG-3 codec. | Only Windows XP and Windows Server 2003 are vulnerable. |
| MS10-056 (Word, RTF) | Victim opens malicious RTF file using Microsoft Word or views RTF email using Outlook 2007. | Critical | 1 | RTF exploit likely to be developed. | Office 2010 not affected. Versions of Outlook prior to 2007 did not use Word as RTF parser so are not susceptible to Outlook attack vector. |
| MS10-060 (Silverlight, .NET framework) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see an exploit released able to exploit the vulnerability in Silverlight. | |
| MS10-054(SMB) | Windows XP system compromised via over-the-network SMB packet. | Critical | 2 | Exploiting this vulnerability for code execution will be difficult. | For more information on risk by platform, please see this SRD blog post. |
| MS10-053(Internet Explorer) | Victim browses to a malicious website. | Critical | 1 (IE6 only) | Consistent, reliable exploit affecting IE7 or IE8 will be difficult to develop. | Vulnerabilities significantly more difficult to exploit on IE7 and IE8 due to platform mitigations. |
| MS10-051(MSXML ActiveX) | Victim browses to a malicious website. | Critical | 2 | Difficult to build reliable exploit. | |
| MS10-049 (schannel) | Victim browses to a malicious https website. | Critical | 2 | Exploiting CVE-2010-2566 for code execution will be difficult. Successful attacks would result in code execution as SYSTEM, making this an attractive target, despite its difficulty. | Windows Vista and newer platforms are Important Severity. For more information please see this SRD blog post and this SRD blog post. |
| MS10-050(Windows Movie Maker) | Victim opens malicious MSWMM file sent via email or downloaded via website. | Important | 1 | MSWMM exploit likely to be developed. | Does not affect Windows Live Movie Maker shipped by default with Windows 7. |
| MS10-057 (Excel 2002, Excel 2003) | Victims opens malicious XLS file sent via email or downloaded via website. | Important | 1 | XLS exploit likely to be developed. | Does not affect Office 2007 or Office 2010. |
| MS10-048(Win32k) | Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. | Important | 1 | Likely to see an exploit developed for CVE-2010-1897 and potentially others. | |
| MS10-058 (TCP/IP) | Remote attacker causes victim machine to bugcheck. Attacker logged-in to machine locally exploits vulnerability to elevate to a higher privilege level. | Important | 1 | Likely to see an exploit developed for one or both vulnerabilities. | 64-bit Windows not affected by vulnerability allowing local elevation of privilege. |
| MS10-059 (Tracing service) | Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. | Important | 1 | Likely to see proof-of-concept code released | |
| MS10-047(Kernel) | Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. | Important | 1 | Likely to see proof-of-concept code released. | The security impact on Windows Server 2008 R2 and Windows 7 is limited to denial of service. |
Thanks to all of MSRC Engineering for their work on these cases.
- Jonathan Ness, MSRC Engineering