
SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center



Microsoft Patch Tuesday 2010-12-14

MS10-090
Title Cumulative Security Update for Internet Explorer
Replaces MS10-071
Affected Internet Explorer
KB KB2416400
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3340 1
2010-3342 0
2010-3343 1
2010-3345 1
2010-3346 1
2010-3348 0
2010-3962 1
MS10-091
Title Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution
Replaces MS10-037, MS10-078
Affected Microsoft Windows OpenType Font (OTF) Driver
KB KB2416400
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2010-3956 1
2010-3957 1
2010-3959 2
MS10-092
Title Vulnerability in Task Scheduler Could Allow Elevation of Privilege
Replaces
Affected Microsoft Task Scheduler
KB KB2305420
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3338 1
MS10-093
Title Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
Replaces MS10-050
Affected Windows Movie Maker
KB KB2424434
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3967 1
MS10-094
Title Vulnerability in Windows Media Encoder Could Allow Remote Code Execution
Replaces MS80-53, MS10-033
Affected Windows Media Encoder
KB KB2447961
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3965 1
MS10-095
Title Vulnerability in Microsoft Windows Could Allow Remote Code Execution
Replaces
Affected Microsoft Windows
KB KB2385678
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3966 1
MS10-096
Title Vulnerability in Windows Address Book Could Allow Remote Code Execution
Replaces
Affected Microsoft Windows Address Book
KB KB2423089
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3147 1
MS10-097
Title Insecure Library Loading in Internet Connection Sign up Wizard Could Allow Remote Code Execution
Replaces
Affected Microsoft Windows
KB KB2443105
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3144 1
MS10-098
Title Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Replaces MS10-073
Affected Microsoft Windows Kernel-mode Drivers
KB KB2436673
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2010-3939 1
2010-3940 1
2010-3941 2
2010-3942 2
2010-3943 1
2010-3944 1
MS10-099
Title Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege
Replaces
Affected Microsoft Windows Remote Access NDProxy Component
KB KB2440591
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3963 1
MS10-100
Title Vulnerability in Consent User Interface
Replaces
Affected User Account Control
KB KB2442962
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3961 1
MS10-101
Title Vulnerability in Windows Netlogon Service
Replaces
Affected Netlogon/RPC Service
KB KB2207559
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-2742 3
MS10-102
Title Vulnerability in Hyper-V Could Allow Denial of Service
Replaces
Affected Microsoft Windows
KB KB2345316
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3960 2
MS10-103
Title Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution
Replaces MS10-023, MS10-036
Affected Microsoft Publisher
KB KB2292970
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-2569 1
2010-2570 1
2010-2571 2
2010-3954 2
2010-3955 3
MS10-104
Title Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution
Replaces
Affected Microsoft SharePoint
KB KB2433089
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2010-3964 1
MS10-105
Title Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution
Replaces MS80-44
Affected Microsoft Office Graphics
KB KB968095
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2010-3945 1
2010-3946 2
2010-3947 2
2010-3949 2
2010-3950 2
2010-3951 2
2010-3952 2
MS10-106
Title Vulnerability in Microsoft Exchange Server Could Allow Denial of Service
Replaces MS10-024
Affected Microsoft Exchange Server
KB KB2407132
Known Exploits No
Microsoft Rating Moderate
ISC Client Rating N/A
ISC Server Rating N/A
CVE Exploitability
2010-3937 3
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using Outlook, MSIE, Word, etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat.