Microsoft has released the expected 2 patches today to address 8 Remote Code Execution vulnerabilities.
Microsoft also released 2 additional Security Advisories.
| Bulletin | Vulnerability | CVE |
|---|---|---|
| | Movie Maker and Producer Buffer Overflow Vulnerability | CVE-2010-0265 |
| MS10-017 | Microsoft Office Excel Record Memory Corruption Vulnerability | CVE-2010-0257 |
| MS10-017 | Microsoft Office Excel Sheet Object Type Confusion Vulnerability | CVE-2010-0258 |
| MS10-017 | Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability | CVE-2010-0260 |
| MS10-017 | Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability | CVE-2010-0261 |
| MS10-017 | Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability | CVE-2010-0262 |
| MS10-017 | Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability | CVE-2010-0263 |
| MS10-017 | Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability | CVE-2010-0264 |
One bulletin addresses a single, privately reported vulnerability in Movie Maker and Producer 2003. The issue lies in the way these programs parse their native project files. The current patch applies only to Movie Maker; Producer is not being patched at this time. For Producer, Microsoft has provided a Fix it in KB975561 that removes the file associations. There are no known exploits available for this vulnerability at this time.
As I always recommend with Remote Code Execution patches, apply all of the relevant ones as soon as possible after testing.
In addition to the 2 bulletins released this month, a new security advisory and an updated one are worth mentioning.
The updated advisory (973811) indicates that a new version of the update is available that allows IIS to be opted in to Extended Protection for Authentication. Extended Protection for Authentication provides additional protection against credential forwarding as a defense-in-depth measure.
The new security advisory (981374) reports a 0-day in Internet Explorer 6 and 7. Other versions of IE are not affected. Microsoft provides several workarounds in the advisory, including setting an ACL on the iepeers.dll file. This vulnerability is being exploited in targeted attacks in the wild.
More Details: Microsoft Internet Explorer CVE-2010-0806 Remote Code Execution Vulnerability
Symantec has raised their ThreatCon Alert Level to 2 as a result of this new threat.