Microsoft issued nine security bulletins for Patch Tuesday today to cover 11 security holes in Windows and other Microsoft products.
Four of the bulletins are rated “critical,” including two Microsoft considers very likely to be exploited. Among these two bulletins is MS10-061, which addresses a publicly disclosed vulnerability in the Print Spooler service that could be exploited to allow remote code execution via a specially crafted print request to a vulnerable system with a print spooler interface exposed over RPC.
“On Windows XP, the guest account is enabled by default, which allows anonymous users to access printer shares,” Microsoft said in the advisory. “On Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, an attacker must be authenticated in order to exploit this vulnerability unless password-based sharing is disabled. If password-based sharing is disabled, attackers could exploit these systems without authentication.”
MS10-062 was also ranked as likely to be exploited. The bulletin covers a remote code execution vulnerability tied to the way the MPEG-4 codec handles supported format files. If exploited successfully, an attacker could take control of a vulnerable system.
“There is a prevalence of sharing media and video files, so MS10-062 is of particular interest, as this media code execution takes advantage of vulnerabilities by crafting music files,” said Dave Marcus, director of security and research communications at McAfee Labs. “We have found that cyber-criminals are increasingly hiding malicious content in music- and movie-related sites, making it very easy to craft a fake file and exploit this type of vulnerability.”
The other two critical bulletins address vulnerabilities in Microsoft Outlook and the Unicode Scripts Processor. Also known as Uniscribe, the Unicode Script Processor is a collection of APIs that enables a text layout client to format complex scripts. According to Microsoft, the Uniscribe bug can be exploited if a user views a specially crafted document or Web page with an application that supports embedded OpenType fonts.
The Outlook vulnerability only exists “in configurations where Outlook connects to an Exchange Server in Online Mode,” Microsoft said in its advisory. “Configurations where Outlook connects to an Exchange Server in the Cached Exchange Mode are not affected. In addition, configurations where Outlook uses POP or IMAP mail servers only are not affected by this vulnerability.”
The remaining bulletins are rated “important” and reside in Windows. The security update addresses roughly a third of the amount of vulnerabilities addressed in last month’s patches. Microsoft initially announced 13 vulnerabilities would be fixed today, but later corrected it as a typo.