3990 - December 2010 Microsoft BulletinPlatform level affected:
Operating SystemHardware components affected:
Intel PCSpecific operating systems components affected:
32-bit WindowsNet-enabled software:
Web BrowserRemediation Summary:
Update your copy of the software with the download available from the supplier.Vendors affected:
Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft Sharepoint, Microsoft ExchangeAdversity source:
Remote execution/modificationPossible Duration:
UnknownAvailability of fix:
AvailableType of fix:
MicrosoftReliability of source:
KnownSource URL: http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspxCVE:
CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962, CVE-2010-3956, CVE-2010-3957, CVE-2010-3959Abstract:
Microsoft has released updates to address vulnerabilities in Microsoft Windows.
National Cyber Alert System
Technical Cyber Security Alert TA10-348A
Microsoft Updates for Multiple Vulnerabilities
Original release date: December 14, 2010
Last revised: --
There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Office, Sharepoint, and Exchange. Microsoft has released updates to address these vulnerabilities.
The Microsoft Security Bulletin Summary for December 2010 describes multiple vulnerabilities in Microsoft Windows, Internet Explorer, Office, Sharepoint, and Exchange. Microsoft has released updates to address the vulnerabilities.
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
The most recent version of this document can be found at:
Feedback can be directed to US-CERT Technical Staff. Please send email to firstname.lastname@example.org with "TA10-348A Feedback VU#462388" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2010 by US-CERT, a government organization.
December 14, 2010: Initial release
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Thu, 16 Dec 2010 00:00:00 GMT
Domain affected: Technical