Patch Tuesday June 2010

Microsoft have released ten security bulletins for this month's Patch Tuesday. Three are rated by Microsoft as Critical. We have highlighted a further two (MS10-038, MS10-040) that are potentially Critical due to the widespread use of the applications involved.

All of the patches in the table below relate to Microsoft Operating Systems and Office software and, as usual, they address fundamental issues relating to vulnerabilities in the operating system or software which could be used by attackers to compromise your systems.

There have also been three items added and updated since the last Patch Tuesday. These minor updates (below) are not security patches, but fix specific issues associated with various applications, so may not be relevant to all users. Our advice would be to review the list (please click on the links) and proceed accordingly. If in any doubt, please consult your IT administrator or support provider... or contact us!

Reminder: Important consideration from previous months for Vista. The original release of Vista (pre-service pack 1&2) is no longer supported by Microsoft and updates will no longer be offered. If you are not currently running SP1 or SP2 then we strongly advise you consider upgrading, with the usual precautions on updating operating systems, to ensure Vista can receive updates and be supported.

Our usual advice is…

  • Ensure that the critical patches are deployed immediately to all Windows desktop and server operating systems and software, where appropriate.
  • Ensure that all anti-virus and malware blocking software packages are fully up to date, and properly configured firewalls are in place within your environment.
  • Update your operating systems with the latest round of Critical patches as soon as possible (MS10-033, MS10-034, MS10-035, MS10-038, MS10-040)
  • Contact us if you require any further advice or guidance on 01206 235000

As always, some consideration is needed in order to evaluate any risks, depending on whether you have the relevant affected environment. More details on these patches are given in the table below, with links to the relevant Microsoft Knowledge Base articles.

Table 1: Details of MS Patches released Tuesday 08/06/2010

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
|---|---|---|---|---|
| MS10-032 / KB979559 | A trio of bugs to do with Windows fonts that can allow escalation of privileges attacks. It would be a bit hard to sneak one of these files onto the system without some sort of direct access anyway, which is why this patch can wait until your next patch cycle. | Important | 2000, XP, 2003, Vista, Windows 7, 2008, 2008r2 | Yes |
| MS10-033 / KB979902 | This patch addresses a pair of vulnerabilities in Windows’ media player subsystem which allow specially crafted media files and streaming content to attack your systems. One of the vulnerabilities is less serious than the other, but you should patch your systems immediately all the same. Depending on your system, you may need to install up to four separate patches to address the issues. | Critical | 2000, XP, 2003, Vista, Windows 7, 2008, 2008r2 | May require restart |
| MS10-034 / KB980195 | This patch updates your browser’s ActiveX control and fixes two bugs that could allow remote code execution attacks. If you allow ActiveX on your desktops (which you shouldn’t, other than for internal sites), install this patch immediately. Otherwise, wait until your next patch cycle. | Critical | (2000, XP, Vista, 7) Moderate for: (2003, 2008, 2008 R2) | May require restart |
| MS10-035 / KB982381 | Five security holes in Internet Explorer (5, 6, 7, and 8), which can allow remote code execution attacks, are fixed in this update. Some of them are rated as “Moderate” but there aren’t any specific combinations of IE versions and Windows versions to make them non-critical. On the side of caution, install this patch immediately. | Critical | 2000, XP, Vista, 7, 2003, 2008, 2008 R2 | Yes |
| MS10-036 / KB983235 | Validation in Office has a bug which can allow remote code execution attacks. Normally this would not be running in Office from outside sources, so this is a less risky bug than it could be. Patch your systems at the next scheduled time. | Important | Office XP, Office 2003, Office 2007 | May require restart |
| MS10-037 / KB980218 | Another font handling issue is allowing escalation of privileges attacks across all versions of Windows. Like MS10-032, this one can wait until your next patch cycle. | Critical | 2000, XP, Vista, 7, 2003, 2008, 2008 | May require restart |
| MS10-038 / KB2027452 | A total of fourteen security bugs, to do with the way Microsoft Office opens files, are fixed with this patch. The worst of these bugs can result in remote code execution attacks. Microsoft says this one is “Important” but we consider it “Critical” due to the widespread use of Office. Immediate patching recommended. | Important / Critical | Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Office 2007 File Formats | May require restart |
| MS10-039 / KB980218 | Three problems with SharePoint are fixed with this patch. The issues allow an attacker to perform a variety of attacks, including an escalation of privileges attack if a SharePoint user clicks on a malicious link in SharePoint. This is not a burning issue so can wait until your usual patch time. | Important | InfoPath 2003, InfoPath 2007, Office SharePoint Server 2007, Windows SharePoint Services 2.0 | May require restart |
| MS10-040 / KB982666 | Computers running IIS 6, 7, and 7.5 are vulnerable to a remote code execution attack. Microsoft calls this patch “Important” but we think that understates the issue for servers. We recommend that servers are patched immediately, and that desktops are left for the regular patch cycle. | Important / Critical for Servers | Vista, 7, 2003, 2008, 2008 R2 | May require restart |
| MS10-041 / KB981343 | A problem affecting all versions of the .NET Framework’s handling of signed XML content could allow the data to be altered without being detected. This is a fairly minor issue, so this patch can wait until the next patch cycle. | Important | 2000, XP, Vista, 7, 2003, 2008, 2008 R2 | May require restart |

| Rating | Definition |
|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |

 




A Microsoft Certified Partner © Copyright 2009-2011 IT ServiceLink LTD A Microsoft Small Business Specialist