April 2010 - Posts

TechNet Webcast: Information About Microsoft April 13, 2010 Security Bulletins

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.

Duration: 90 Minutes
Start Date: Wednesday, April 14, 2010 11:00 AM Pacific Time (US & Canada)

Event Overview

Join us for a brief overview of the technical details of the April security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Register Online

Posted Tue, Apr 13 2010 18:02 by Don
Filed under:

Microsoft Security Bulletin Summary for April 13, 2010

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
»www.microsoft.com/technet/securi···apr.mspx

Critical (5)

Microsoft Security Bulletin MS10-019
Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
»www.microsoft.com/technet/securi···019.mspx

Microsoft Security Bulletin MS10-020
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
»www.microsoft.com/technet/securi···020.mspx

Microsoft Security Bulletin MS10-025
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
»www.microsoft.com/technet/securi···025.mspx

Microsoft Security Bulletin MS10-026
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
»www.microsoft.com/technet/securi···026.mspx

Microsoft Security Bulletin MS10-027
Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
»www.microsoft.com/technet/securi···027.mspx

Important (5)

Microsoft Security Bulletin MS10-021
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
»www.microsoft.com/technet/securi···021.mspx

Microsoft Security Bulletin MS10-022
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
»www.microsoft.com/technet/securi···022.mspx

Microsoft Security Bulletin MS10-023
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
»www.microsoft.com/technet/securi···023.mspx

Microsoft Security Bulletin MS10-024
Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
»www.microsoft.com/technet/securi···024.mspx

Microsoft Security Bulletin MS10-028
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
»www.microsoft.com/technet/securi···028.mspx

Moderate (1)

Microsoft Security Bulletin MS10-029
Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)
»www.microsoft.com/technet/securi···029.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

.

Posted Tue, Apr 13 2010 17:19 by Don
Filed under:

Microsoft Security Bulletin Advance Notification - Apr. 8, 2010

Microsoft Security Bulletin Advance Notification issued: April 8, 2010

Microsoft Security Bulletins to be issued: April 13, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010.

Microsoft is planning to release 11 security bulletins:

5 rated as Critical

5 rated as Important and

1 rated as Moderate

Advance notice

Posted Thu, Apr 8 2010 13:22 by Don
Filed under:

Foxit Releases Reader v3.2.1

The Foxit Corporation has released Foxit Reader 3.2.1.0401 to address a critical vulnerability. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

Foxit notice

Posted Mon, Apr 5 2010 11:33 by Don
Filed under:

Mozilla Releases Firefox 3.6.3

Fixed in: Firefox 3.6.3

Description

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

Advisory Details

Get it here

Posted Fri, Apr 2 2010 5:59 by Don
Filed under: