Microsoft have released just two security bulletins for this month's Patch Tuesday. Both are rated as Critical.
The patches in the table below relate to Microsoft operating systems and Office software. These patches affect all operating systems for users who are actively using Outlook Express, Windows Mail and/or Windows Live Mail.
As usual, these patches address fundamental issues relating to vulnerabilities in the operating system or software which could be used by attackers to compromise your systems.
In addition, a number of minor items have been added and updated since the last Patch Tuesday. These minor updates (below) are not security patches, but fix specific issues associated with various applications, so may not be relevant to all users. Our advice would be to review the list (please click on the links) and proceed accordingly. If in any doubt, please consult your IT administrator or support provider... or contact us!
Reminder: Important consideration from last month for Vista. The original release of Vista (pre-service pack 1&2) is no longer supported by Microsoft and updates will no longer be offered. If you are not currently running SP1 or SP2 then we strongly advise you consider upgrading, with the usual precautions on updating operating systems, to ensure Vista can receive updates and be supported.
Our usual advice is…
- Ensure that the critical patches are deployed to all Windows desktop and server operating systems and software, where appropriate, immediately.
- Ensure that all anti-virus and malware-blocking software packages are fully up to date, and that properly configured firewalls are in place within your environment.
- Update your operating systems with the latest round of Critical patches as soon as possible (MS10-030, MS10-031).
- Contact us if you require any further advice or guidance on 01206 235000
As always, some consideration is needed in order to evaluate any risks depending on whether you have the relevant affected environment. More details on these patches are given in the table below, with links to the relevant Microsoft Knowledge Base articles.
Table 1: Details of MS Patches released Tuesday 11/05/2010

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
| --- | --- | --- | --- | --- |
| MS10-030 KB978542 | Outlook Express, Windows Mail, and Windows Live Mail have a vulnerability which can lead to a remote code execution attack, executed by a remote email server. Microsoft rates this as “critical” but it is believed that very few business users are using these applications and that it is extremely unlikely that a remote email server would be compromised like this. For these reasons this patch can probably wait until your next scheduled patch day unless you use one of these email applications on a regular basis. | Critical | Outlook Express, Windows Mail, Windows Live Mail | Yes |
| MS10-031 KB978213 | A problem with the VBA runtime can allow for an attacker to use a specially crafted document to perform remote code execution attacks. This affects Office as well as any other applications that use VBA. It is unclear if the attacks are mitigated in Office by forbidding Office from running macros. You should install this patch immediately. If your company develops software and uses Microsoft VBA you will want to read this one carefully. | Critical | Microsoft Office, Microsoft Visual Basic for Applications | May require restart |

| Rating | Definition |
| --- | --- |
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |