Microsoft Security Bulletin Summary for July 2010

Number: AV10-020
Date: 13 July 2010

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft security bulletin release, which addresses 3 Critical and 1 Important vulnerabilities.

Assessment

Microsoft has released the following security bulletins:

MS10-042 - Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Details: This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely. This vulnerability is currently being exploited in the wild.
Affected Products: Microsoft Windows XP SP2 and SP3, XP Professional x64 SP2, Server 2003 SP2, Server 2003 x64 SP2 and Server 2003 SP2 for Itanium-based systems.
CVE reference: CVE-2010-1885
http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx

MS10-043 - Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
Details: This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 2 - Inconsistent exploit code likely.
Affected Products: Microsoft Windows 7 and Windows Server 2008 R2 for x64-based systems.
CVE reference: CVE-2009-3678
http://www.microsoft.com/technet/security/bulletin/ms10-043.mspx

MS10-044 - Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
Details: This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely.
Affected Products: Microsoft Office 2003 SP3 and 2007 Microsoft Office System SP1 and SP2
CVE reference: CVE-2010-1881
http://www.microsoft.com/technet/security/bulletin/ms10-044.mspx

MS10-045 - Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Details: This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely.
Affected Products: Microsoft Office SP3, Microsoft Office 2003 SP3 and 2007 Microsoft Office System SP1 and SP2
CVE reference: CVE-2010-0266
http://www.microsoft.com/technet/security/bulletin/ms10-045.mspx

Suggested action

CCIRC recommends that administrators test and deploy these updates at the earliest opportunity.
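As an added example (not part of the CCIRC advisory), the following PowerShell check reports whether the two Windows updates named above are present on a host, mapped to the affected products the advisory lists; the function name Test-JulyBulletins is an assumed name. Get-HotFix reads Win32_QuickFixEngineering, which does not record Office updates, so the MS10-044 (982335) and MS10-045 (978212) fixes must be verified through Office or WSUS reporting instead.

```powershell
# Added example, not the advisory's own code: verify presence of the July 2010
# Windows updates on a host via Get-HotFix (Win32_QuickFixEngineering).
# Office updates (MS10-044 KB982335, MS10-045 KB978212) are not listed by QFE
# and are deliberately left out of this check.

# KB numbers come from the advisory; the OS patterns follow its "Affected Products".
# Win32_OperatingSystem captions read e.g. "Microsoft Windows XP Professional" or
# "Microsoft(R) Windows(R) Server 2003, Standard Edition", hence the loose patterns.
$bulletins = @(
    @{ Bulletin = 'MS10-042'; KB = 'KB2229593'; OsPattern = 'Windows XP|Server 2003' },
    @{ Bulletin = 'MS10-043'; KB = 'KB2032276'; OsPattern = 'Windows 7|Server 2008 R2' }
)

function Test-JulyBulletins {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $os = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName).Caption
    $installed = Get-HotFix -ComputerName $ComputerName |
        Select-Object -ExpandProperty HotFixID

    foreach ($b in $bulletins) {
        if ($os -notmatch $b.OsPattern) {
            # The advisory does not list this OS as affected by the bulletin.
            $status = 'Not applicable'
        } elseif ($installed -contains $b.KB) {
            $status = 'Installed'
        } else {
            # Affected platform without the fix: flag for deployment.
            $status = 'MISSING'
        }
        New-Object PSObject -Property @{
            Computer = $ComputerName
            Bulletin = $b.Bulletin
            KB       = $b.KB
            OS       = $os
            Status   = $status
        }
    }
}

# Run against the local host; pass -ComputerName to query a remote machine.
Test-JulyBulletins | Format-Table Computer, Bulletin, KB, Status -AutoSize
```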

References:
http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca