Microsoft released nine security bulletins for this month's Patch Tuesday.
Microsoft issued nine
for Patch Tuesday today to cover 11 security holes in
Windows and other Microsoft products.
Four of the bulletins are rated "critical," including two
Microsoft considers very likely to be exploited. Among these two bulletins
is MS10-061, which addresses a publicly disclosed vulnerability in the Print
Spooler service that could be exploited to allow remote code execution via a
specially crafted print request to a vulnerable system with a print spooler
interface exposed over RPC.
"On Windows XP, the guest account is enabled by default, which allows
anonymous users to access printer shares," Microsoft said in the advisory.
"On Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7,
and Windows Server 2008 R2, an attacker must be authenticated in order to
exploit this vulnerability unless password-based sharing is disabled. If
password-based sharing is disabled, attackers could exploit these systems
was also ranked as likely to be exploited. The bulletin covers a remote code execution
vulnerability tied to the way the MPEG-4 codec handles supported format files.
If exploited successfully, an attacker could take control of a vulnerable
"There is a prevalence of sharing media and video files, so MS10-062 is
of particular interest, as this media code execution takes advantage of
vulnerabilities by crafting music files," said Dave Marcus, director of
security and research communications at McAfee Labs. "We have found
that cyber-criminals are increasingly hiding malicious content in music- and
movie-related sites, making it very easy to craft a fake file and exploit this
type of vulnerability."
The other two critical bulletins address vulnerabilities in Microsoft
Outlook and the Unicode Scripts Processor. Also known as Uniscribe, the Unicode
Script Processor is a collection of APIs that enables a text layout client to
format complex scripts. According to Microsoft, the Uniscribe bug can be
exploited if a user views a specially crafted document or Web page with an
application that supports embedded OpenType fonts.
The Outlook vulnerability only exists "in configurations where Outlook
connects to an Exchange Server in Online Mode," Microsoft said in its
advisory. "Configurations where Outlook connects to an Exchange Server in
the Cached Exchange Mode are not affected. In addition, configurations where
Outlook uses POP or IMAP mail servers only
are not affected by this vulnerability."
The remaining bulletins are rated "important" and reside in
Windows. The security update addresses roughly a third of the amount of
vulnerabilities addressed in last month's patches. Microsoft initially
announced 13 vulnerabilities would be fixed today, but later corrected it as a