Microsoft Security Bulletin Summary for December 2010
Number: AV10-055
Date: 15 December 2010
Purpose
The purpose of this advisory is to bring attention to the monthly Microsoft security bulletin summary, which addresses 17 vulnerabilities, including 2 Critical, 14 Important and 1 Moderate.
Assessment
Microsoft has released the following security bulletins:
MS10-090 - Cumulative Security Update for Internet Explorer (2416400)
Details: This security update resolves 7 vulnerabilities in Internet Explorer. The most severe could allow remote code execution if a user views a specially crafted web page using Internet Explorer. The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and script during certain processes.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP, Windows Server 2003, Windows Server 2008, Windows 7, and Windows Server 2008, Windows Vista.
CVE references: CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962
http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx
MS10-091 - Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
Details: This security update resolves several vulnerabilities in the Windows OpenType Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights. The security update addresses the vulnerabilities by correcting the way that the OTF driver indexes arrays when parsing OpenType fonts, resets pointers when freeing memory, and parses the CMAP table when rendering OpenType fonts.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
CVE references: CVE-2010-3956, CVE-2010-3957, CVE-2010-3959
http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx
MS10-092 - Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
Details: This security update resolves a vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. The security update addresses the vulnerability by correcting the way Task Scheduler conducts integrity checks to validate that tasks run with the intended user privileges.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2
CVE reference: CVE-2010-3338
http://www.microsoft.com/technet/security/bulletin/ms10-092.mspx
MS10-093 - Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
Details: This security update resolves a vulnerability in Windows Movie Maker that could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. The security update addresses the vulnerability by correcting the way Windows Movie Maker loads external libraries.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP, Windows Server 2003, Windows Server 2008, Windows 7 and Windows Server 2008 R2
CVE reference: CVE-2010-3967
http://www.microsoft.com/technet/security/bulletin/MS10-093.mspx
MS10-094 - Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
Details: This security update resolves a vulnerability in Windows Media Encoder that could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. The security update addresses the vulnerability by correcting the way the Windows Media Encoder loads external libraries.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office XP, Microsoft Office 2003, Windows Vista, and Windows Server 2008
CVE reference: CVE-2010-3965
http://www.microsoft.com/technet/security/bulletin/MS10-094.mspx
MS10-095 - Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
Details: This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. The security update addresses the vulnerability by correcting the manner in which the Windows BranchCache loads external libraries.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
CVE reference: CVE-2010-3966
http://www.microsoft.com/technet/security/bulletin/MS10-095.mspx
MS10-096 - Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
Details: This security update resolves a vulnerability in Windows Address Book that could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. The security update addresses the vulnerability by correcting the manner in which the Windows Address Book loads external libraries.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows Server 2008 R2
CVE reference: CVE-2010-3147
http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx
MS10-097 - Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
Details: This security update resolves a vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. The vulnerability could allow remote code execution if a user opens an .ins or .isp file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. The security update addresses the vulnerability by correcting the manner in which the Internet Connection Signup Wizard loads external libraries.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2
CVE reference: CVE-2010-3144
http://www.microsoft.com/technet/security/bulletin/MS10-097.mspx
MS10-098 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
Details: This security update resolves several vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. The security update addresses the vulnerabilities by correcting the way the Windows kernel-mode drivers allocate memory, free objects that are no longer in use, manage kernel-mode driver objects and validate input passed from user mode.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2
CVE references: CVE-2010-3939, CVE-2010-3940, CVE-2010-3941, CVE-2010-3942, CVE-2010-3943, CVE-2010-3944
http://www.microsoft.com/technet/security/bulletin/ms10-098.mspx
MS10-099 - Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
Details: This security update addresses a vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. The security update addresses the vulnerability by correcting the validation in the Routing and Remote Access component.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows XP and Windows Server 2003.
CVE reference: CVE-2010-3963
http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx
MS10-100 - Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
Details: This security update resolves a vulnerability in the Consent User Interface (UI) that could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. The security update addresses the vulnerability by correcting the manner in which the Consent UI processes values read from the registry.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2
CVE reference: CVE-2010-3961
http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx
MS10-101 - Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
Details: This security update resolves a vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability. The security update addresses the vulnerability by correcting the validation of user-provided data in the Netlogon RPC Service interface.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Maximum Exploitability Index: 3 - Functioning exploit code unlikely
Affected Products: Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2
CVE reference: CVE-2010-2742
http://www.microsoft.com/technet/security/bulletin/ms10-101.mspx
MS10-102 - Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
Details: This security update resolves a vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. The security update addresses the vulnerability by correcting the way that the Hyper-V server validates malformed packets sent to the VMBus inside its guest virtual machines.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Maximum Exploitability Index: 3 - Functioning exploit code unlikely
Affected Products: Windows Server 2008 and Windows Server 2008 R2
CVE reference: CVE-2010-3960
http://www.microsoft.com/technet/security/bulletin/ms10-102.mspx
MS10-103 - Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
Details: This security update resolves several vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by correcting the way that Microsoft Publisher parses specially crafted Publisher files.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2007 and Microsoft Office 2010
CVE references: CVE-2010-2569, CVE-2010-2570, CVE-2010-2571, CVE-2010-3954, CVE-2010-3955
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx
MS10-104 - Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
Details: This security update resolves a vulnerability in Microsoft SharePoint that could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. Note that by default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007. The update addresses the vulnerability by modifying the way that the Document Conversion Launcher Service validates specially crafted SOAP requests.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office SharePoint Server 2007
CVE reference: CVE-2010-3964
http://www.microsoft.com/technet/security/bulletin/ms10-104.mspx
MS10-105 - Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
Details: This security update resolves multiple vulnerabilities in Microsoft Office that could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. The update addresses the vulnerabilities by modifying the way that Microsoft Office parses certain image formats and validates data when rendering images.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office XP Service Pack 3, Microsoft Office 2007 Service Pack 2, Microsoft Office 2010, Microsoft Office Converter Pack and Microsoft Works 9
CVE references: CVE-2010-3945, CVE-2010-3946, CVE-2010-3947, CVE-2010-3949, CVE-2010-3950, CVE-2010-3951, CVE-2010-3952
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
MS10-106 - Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
Details: This security update resolves a vulnerability in Microsoft Exchange Server that could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. The security update addresses the vulnerability by correcting the manner in which the Exchange Server store processes RPC requests.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Maximum Exploitability Index: 3 - Functioning exploit code unlikely
Affected Products: Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
CVE reference: CVE-2010-3937
http://www.microsoft.com/technet/security/bulletin/ms10-106.mspx
Suggested action
CCIRC recommends that administrators test and deploy these updates at the earliest opportunity. Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/b/srd/archive/2010/12/14/assessing-the-risk-of-the-december-security-updates.aspx
References:
http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca