April 2010 - Microsoft Releases 11 Security Advisories

  Severity: CRITICAL
  Advisory Date: APR 13, 2010

  DESCRIPTION

  • (MS10-019) Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

    This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  • (MS10-020) Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)

    This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.

  • (MS10-021) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

    This security update resolves a privately reported This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.

  • (MS10-022) Vulnerability in VBScript Could Allow Remote Code Execution (981169)

    This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution.

  • (MS10-023) Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)

    This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file.

  • (MS10-024) Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)

    This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service.

  • (MS10-025) Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)

    This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server.

  • (MS10-026) Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)

    This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream.

  • (MS10-027) Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)

    This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site.

  • (MS10-028) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

    This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file.

  • (MS10-029) Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)

    This security update resolves one privately reported vulnerability in Microsoft Windows. This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

Featured Stories