US-CERT Technical Cyber Security Alert TA10-222A -- Microsoft Updates for Multiple Vulnerabilities

                    National Cyber Alert System

              Technical Cyber Security Alert TA10-222A

Microsoft Updates for Multiple Vulnerabilities

   Original release date: August 10, 2010

   Last revised: --

   Source: US-CERT

Systems Affected

     * Microsoft Windows

     * Microsoft Office

     * Internet Explorer

     * Microsoft .NET Framework

     * Microsoft Silverlight

Overview

   Microsoft has released updates to address vulnerabilities in

   Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft

   .NET Framework, and Microsoft Silverlight.

I. Description

   The Microsoft Security Bulletin Summary for August 2010 describes

   multiple vulnerabilities in Microsoft Windows, Microsoft Office,

   Internet Explorer, Microsoft .NET framework, and Microsoft

   Silverlight. Microsoft has released updates to address the

   vulnerabilities.

   One of the bulletins released, MS10-046, addresses a previously

   identified vulnerability in the Windows Shell that is actively

   being exploited.  This vulnerability was also described in US-CERT

   Vulnerability Note VU#940193.

II. Impact

   A remote, unauthenticated attacker could execute arbitrary code or

   cause a vulnerable system or application to crash.

III. Solution

   Apply updates

   Microsoft has provided updates for these vulnerabilities in the

   Microsoft Security Bulletin Summary for August 2010. The security

   bulletin describes any known issues related to the updates.

   Administrators are encouraged to note these issues and test for any

   potentially adverse effects. Administrators should consider using

   an automated update distribution system such as Windows Server

   Update Services (WSUS).