Special note: XP SP2 security patching is no more - Make sure your XP systems are SP3+.
There are 4 bulletins released today; 3 are considered by Microsoft to be highly exploitable and are rated critical. One of these is the Help Center URL Validation Vulnerability (MS10-042), which is currently being exploited on the internet. A Security Advisory (2219475) was issued last month. This will affect primarily XP workstations and possibly Server 2003 Terminal Servers, even if a third-party browser is being used. The evidence indicates these attacks are on the increase. MS10-043, the “Canonical Display Driver Integer Overflow Vulnerability”, also affects the Windows OS but is a little more obscure and not as likely to be successfully exploited. If it is exploited, a denial of service (DoS) is more likely than remote code execution. It has been publicly disclosed, however. It looks like only x64-based Windows 7 and Server 2008 are affected. Both of these Windows vulnerabilities are rated critical.
Once again those dreadful ActiveX controls rear their ugly heads, this time in Office Access (MS10-044). Finally, MS10-045 reports a vulnerability in Office Outlook. A note about MS10-045: if you are running Office 2007 SP1, the security feature of SP2 will be applied in addition to the patch. In all of the versions where this patch is applied, linked file attachments can no longer be opened. Microsoft does offer a way to reduce the security and allow these to be opened (Microsoft KB 2271150). We agree with Microsoft on this: carefully consider the risk before reducing security. A simple workaround is to put a hyperlink in the body of the message rather than a linked file attachment.