This snapshot, taken on
10/03/2011
, shows web content acquired for preservation by The National Archives. External links, forms and search may not work in archived websites and contact details are likely to be out of date.
 
 
The UK Government Web Archive does not use cookies but some may be left in your browser from archived websites.
Security advice

Security advice

December 2010 Microsoft Bulletin

ID: 3990
Date: 16/12/2010

Title: 3990 - December 2010 Microsoft Bulletin
Platform level affected:Operating System
Hardware components affected:Intel PC
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Other
Other software: Web Browser
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Microsoft
Applications affected:Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft Sharepoint, Microsoft Exchange
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Automated Patch
Source: Microsoft
Reliability of source: Known
Source URL: http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
CVE: CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962, CVE-2010-3956, CVE-2010-3957, CVE-2010-3959
Abstract:

Microsoft has released updates to address vulnerabilities in Microsoft Windows.

National Cyber Alert System

Technical Cyber Security Alert TA10-348A

Microsoft Updates for Multiple Vulnerabilities

Original release date: December 14, 2010
Last revised: --

Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Internet Explorer
  • Microsoft Office
  • Microsoft Sharepoint
  • Microsoft Exchange

Overview

There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Office, Sharepoint, and Exchange. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for December 2010 describes multiple vulnerabilities in Microsoft Windows, Internet Explorer, Office, Sharepoint, and Exchange. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

References

 ____________________________________________________________________

The most recent version of this document can be found at:

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

 ____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-348A Feedback VU#462388" in the subject.
 ____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
 ____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html
 ____________________________________________________________________

Revision History

December 14, 2010: Initial release

Additional URL

http://isc.incidents.org/diary.html?storyid=10081

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.