July 2010 Patch Tuesday Summary

So what were those updates from yesterday’s Patch Tuesday that got downloaded?

Here is the summary provided by the Microsoft Security Team:

MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003. Even though this issue affects Server 2003, we have not found an attack vector on that platform so the severity rating is Low. Windows XP customers should install this update as soon as possible.

MS10-043 resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause a Denial of Service (DoS). Note that this bulletin affects only 64-bit versions of Windows 7 and Windows Server 2008 R2 with Windows Aero enabled. Aero is not installed by default on Server 2008 R2. We are not aware of any active attacks against this issue.

MS10-044 resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. This issue could allow remote code execution if a customer with Access installed opened a specially crafted Office file, or viewed a Web page that instantiated Access ActiveX controls. This security update is rated Critical for supported editions of Microsoft Office Access 2003 and Microsoft Office Access 2007.

MS10-045 This security update resolves another privately reported vulnerability that could allow remote code execution if a customer opened an attachment in a specially crafted e-mail message using an affected version of Outlook — Microsoft Outlook 2002, Microsoft Office Outlook 2003, or Microsoft Office Outlook 2007.

Are the privately reported and publicly disclosed comments in these summaries a bit of a poke in the chest for the Google Engineer who went public with the vulnerability they discovered before Microsoft had a reasonable chance to address it?

Anyway, here is a list of all the direct links to the consumer updates from yesterday that are at the Microsoft Download Center:

• Install this update to resolve an issue in which a computer that has Windows 7 or Windows Server 2008 R2 crashes on restart with certain LSI 1394 host controllers.
  
  • Update for Windows 7 (KB982300)
  • Update for Windows 7 for x64-based Systems (KB982300)
• A security vulnerability exists in Microsoft Office Access 2007 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
  
  • Security Update for Microsoft Office Access 2007 (KB979440)
• A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
  
  • Security Update for Windows XP (KB2229593)
  • Security Update for Windows XP x64 Edition (KB2229593)
• This update helps protect against DLL preloading vulnerabilities in software applications on the Windows platform.
  
  • Update for Windows 7 (KB2264107)
  • Update for Windows 7 for x64-based Systems (KB2264107)
  • Update for Windows Vista (KB2264107)
  • Update for Windows Vista for x64-based Systems (KB2264107)
• A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
  
  • Security Update for Windows 7 for x64-based Systems (KB2032276)
• Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
  
  • Update for Windows Mail Junk E-mail Filter [July 2010] (KB905866)
  • Update for Windows Mail Junk E-mail Filter for x64-based Systems [July 2010] (KB905866)
• A security issue has been identified that could allow an unauthenticated remote attacker to cause the affected application to stop responding.
  
  • Security Update for Windows Vista (KB976323)
  • Security Update for Windows Vista for x64-based Systems (KB976323)
• This update provides fixes and improvements to graphics, media foundation and print for Windows Vista platform.
  
  • Platform Update Supplement Beta for Windows Vista (KB2117917)
  • Platform Update Supplement Beta for Windows Vista for x64-based Systems (KB2117917)

Related Posts

• July 2011 Patch Tuesday Security Bulletin Details Released
• Microsoft Security Bulletin Summary for June 2010 Patch Tuesday
• November 2010 Security Patch Tuesday Updates Online
• October 2011 Patch Tuesday Related Bulletins Released
• May 2011 Patch Tuesday Summary

Richard Hay  (3358 Posts)

Richard is the Owner of WindowsObserver.com and has been involved in tech for over 25 years. His first website – AnotherWin95.com – came online in 1995. Back then he used GeoCities Web Hosting for it and what you see here today is the result of the work he has continued on the site since 1995. In January 2010 his community contributions were recognized by Microsoft when he was awarded the Most Valuable Professional (MVP) Award for Windows Desktop Experience. In January 2011 he was renewed as a Microsoft MVP but in a new category called Windows Expert - Consumer and in January 2012 he received the award for the third time.