Security Patches
MS10-061/KB2347290 - Critical (XP, Vista, 7, 2003, 2008, 2008 R2):
This patch closes up a remote code execution vulnerability in the print spooler of all places. Since your print spoolers should never be exposed from the outside, and because no computer shares printers by default, this patch can safely wait until your regular patch window. In a few rare cases, XP machines with certain printers installed are vulnerable even without sharing the printer. 110KB - 1.0MB
MS10-062/KB975558 - Critical (XP, Vista, 2003, 2008):
A problem in the MPEG-4 codec can allow remote code execution attacks when viewing a malformed file or stream. All the same, video files are common enough to warrant installing this patch as soon as you can. 143KB - 912KB
MS10-063/KB2320113 - Critical (XP, Vista, 2003, 2008):
The portion of Windows that handles Unicode has a bug that could allow remote code execution exploits to be performed. The attacker would need to feed you a document or a Web page with an embedded, malformed font. That’s trivially easy, so you will want to install this patch immediately. 293KB - 1.4MB
MS10-064/KB2315011 - Critical (Office XP, Office 2003, Office 2007):
Outlook is open to a remote code execution attack if it opens an email while connected to an Exchange server in Online Mode. This is a common scenario in the business world, so you will want to treat this patch as a “right now” item. 2.7MB - 12.0MB
MS10-065/KB2267960 - Important (IIS 5.1, IIS 6, IIS 7, IIS 7.5):
This patch corrects a remote code execution problem, an escalation of privileges issue, and a denial of service vulnerability in all modern versions of IIS. The holes can be exploited with a malformed HTTP request. Microsoft labels this problem as “Important” but I consider it “critical” and suggest that you patch this as soon as you can. 73KB - 1.6MB
MS10-066/KB982802 - Important (XP, 2003):
There is a remote code execution attack vulnerability in RPC that this patch addresses. RPC should not be visible outside the firewall, and the attack requires that the user of the exploited PC initiate the connection. As such, this patch can wait until your usual patch time to be installed. 793KB - 3.3MB
MS10-067/KB2259922 - Important (XP, 2003):
WordPad, of all things, has a problem that can allow remote code execution attacks when opening malicious files. Unless you have desktop machines with nothing better than WordPad installed, this patch can wait until your usual patch window. 617KB - 1.4MB
MS10-068/KB983539 - Important (XP, Vista, 7, 2003, 2008, 2008 R2):
Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (LDS) all have an escalation of privileges hole. The vulnerability is triggered by malformed LDAP messages sent to LSASS servers. The attacker needs a domain account, but their computer does not need to be joined to the domain. You can wait until your scheduled patch time for this one. 856KB - 5.6MB
MS10-069/KB2121546 - Important (XP, 2003):
Users of XP and 2003 machines that are set up to use a Chinese, Japanese, or Korean system locale are able to elevate their privileges. This patch fixes the hole (Microsoft is a bit vague as to what actually triggers the problem). If you have a system like this, install this patch at your normal time. 634KB - 1.3MB
Other updates
KB2141007 - This adds Extended Protection for Authentication to Outlook Express and Windows Mail. Unless you are using these mail clients (unlikely on a business computer) you can skip this patch. 587KB - 3.0MB
KB2398632 - This patch fixes the UE 8 upgrade advisor in Windows 7 and 2008 R2 which is broken by an earlier security update. 581KB - 1.2MB
“The Usual Suspects”: Updates to the Malicious Software Removal Tool (11.7MB - 12.1MB) and Junk Email filters (2.2MB).