So what were those updates from yesterday’s Patch Tuesday that got downloaded?
Here is the summary provided by the Microsoft Security Team:
MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003. Even though this issue affects Server 2003, we have not found an attack vector on that platform so the severity rating is Low. Windows XP customers should install this update as soon as possible.
MS10-043 resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause a Denial of Service (DoS). Note that this bulletin affects only 64-bit versions of Windows 7 and Windows Server 2008 R2 with Windows Aero enabled. Aero is not installed by default on Server 2008 R2. We are not aware of any active attacks against this issue.
MS10-044 resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. This issue could allow remote code execution if a customer with Access installed opened a specially crafted Office file, or viewed a Web page that instantiated Access ActiveX controls. This security update is rated Critical for supported editions of Microsoft Office Access 2003 and Microsoft Office Access 2007.
MS10-045 This security update resolves another privately reported vulnerability that could allow remote code execution if a customer opened an attachment in a specially crafted e-mail message using an affected version of Outlook — Microsoft Outlook 2002, Microsoft Office Outlook 2003, or Microsoft Office Outlook 2007.
Are the privately reported and publicly disclosed comments in these summaries a bit of a poke in the chest for the Google Engineer who went public with the vulnerability they discovered before Microsoft had a reasonable chance to address it?
Anyway, here is a list of all the direct links to the consumer updates from yesterday that are at the Microsoft Download Center:
- Install this update to resolve an issue in which a computer that has Windows 7 or Windows Server 2008 R2 crashes on restart with certain LSI 1394 host controllers.
- A security vulnerability exists in Microsoft Office Access 2007 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
- A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
- This update helps protect against DLL preloading vulnerabilities in software applications on the Windows platform.
- A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
- Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
- A security issue has been identified that could allow an unauthenticated remote attacker to cause the affected application to stop responding.
- This update provides fixes and improvements to graphics, media foundation and print for Windows Vista platform.