Microsoft Patches Critical IE, Windows Vulnerabilities
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Patches Critical IE, Windows Vulnerabilities

Written By
Brian Prince
Brian Prince
Jun 8, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft released 10 security bulletins today to address 34 vulnerabilities, including several with Microsoft’s highest exploitability rating.

The exploitability rating ranks vulnerabilities according to the likelihood attackers will develop reliable exploit code. Three of the bulletins are rated “critical.” Among them is MS10-033, which plugs two Windows security vulnerabilities that could allow an attacker to exploit remote code if a user is tricked into opening a malicious media file or receives specially crafted streaming content.

The other critical bulletins are MS10-034, which address two Windows vulnerabilities, and MS10-035, a cumulative update for Internet Explorer that swats a number of bugs. Among them, noted Qualys CTO Wolfgang Kandek, is the bug exploited earlier this year in the Pwn2Own hacking contest at CanSecWest.

To Symantec’s Joshua Talbot, the most serious vulnerability is actually the Windows kernel TrueType font parsing issue covered in MS10-032.

“The most serious is the Windows kernel TrueType font parsing vulnerability,” said Talbot, security intelligence manager for Symantec Security Response, in a statement. “Exploiting this-likely through a drive-by download attack-would give an attacker near system-level privileges. It’s doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font.”

The fixes also include a patch for a vulnerability in Microsoft SharePoint the company warned about in late April and a massive update for Microsoft Office that patched 14 vulnerabilities.

“Customers should review their asset management systems and verify that all Windows XP devices have been upgraded to SP3 and that all Windows 2000 devices have been replaced or removed from the network,” advised Josh Abraham, a security researcher with Rapid7. “The most critical area of weakness for many organizations are third-party devices that are still using these operating systems. For these systems, customers will need to contact the vendor and verify the upgrade process.”
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information