Microsoft Fixes 40 Vulnerabilities in Final Patch Tuesday for 2010
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Fixes 40 Vulnerabilities in Final Patch Tuesday for 2010

Written By
Brian Prince
Brian Prince
Dec 14, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft bid farewell to 2010 Patch Tuesday updates with 17 security bulletins and 40 security fixes, among them a patch for an Internet Explorer vulnerability first disclosed in November.

Two of the 17 bulletins are rated “Critical”-the IE bulletin and another that covers three vulnerabilities in Windows’ OpenType Font driver-while 14 are rated “Important” and the remaining one is rated “Moderate.”

The IE bulletin resolves seven issues that affect all supported editions of the browser across all the versions of Windows.

“The most important bug this month is clearly the IE update that includes a fix for the outstanding zero-day bug discovered in early November,” said Andrew Storms, director of security operations at nCircle. “With more and more people shopping online this time of year, it’s important for everyone to patch their browsers.”

The zero-day is the only flaw among the IE bugs known to have been successfully exploited, Microsoft said.

The other critical bulletin, MS10-091, should also be a top priority, security pros said.

“This bulletin addresses and issue with the OpenType Font Driver,” noted Jason Miller, data and security team leader at Shavlik Technologies. “If a shared folder that contains a malicious OpenType font file is viewed, an attacker could run code in the Windows kernel. In order for a successful exploit, an attacker must convince a user to open a share that contains a malicious OpenType font file. If the folder has thumbnail view set, no user interaction is required for a successful exploit.”

Five of the bulletins released today (MS10-093, MS10-094, MS10-095, MS10-096, and MS10-097) address the insecure Library Loading issue identified in August on different components, Miller added.

“It is not surprising these five bulletins were released,” he said. “Products that are affected by this vulnerability are still being found by Microsoft.”

Another bulletin that administrators should pay particular attention to is MS10-105, opined Qualys CTO Wolfgang Kandek. The bulletin covers seven vulnerabilities in Microsoft Office, and could allow remote code execution if the user views a specially-crafted image file using Microsoft Office.

Microsoft also swatted a privilege escalation bug used by the Stuxnet worm, the last of the zero-days the malware exploited to infect systems.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information