As expected, Microsoft has released 10 patches for 34 vulnerabilities. Summary: Get the relevant patches tested and applied as quickly as you can.
MS10-032 describes 3 vulnerabilities affecting Windows Kernel-Mode drivers. 1 of the vulnerabilities (CVE-2010-0485) was publicly disclosed prior to the release of this bulletin.
MS10-033 describes 2 critical vulnerabilities affecting all versions of Windows. Both vulnerabilities were responsibly disclosed; however, media-related vulnerabilities are generally prime candidates for reverse engineering and exploit development efforts.
MS10-034 ActiveX Kill Bits are always a regular part of Microsoft’s patch Tuesday strategy. I hope that their provisioning is a stop-gap containment effort, and that they are not considered a fix unto themselves. In addition to 5 third-party class IDs, Microsoft is adding kill bits for 2 of its own products, Data Analyzer and IE8 Developer Tools. It is important to note that even if the software does not exist on a system, adding the kill bits remains an important part of in-depth security, in case the controls are installed at a later date.
MS10-035 This IE cumulative patch addresses 6 vulnerabilities including the public CVE-2010-0255, and the IE8 PWN2OWN bug. Patch this one immediately.
MS10-036 This bulletin addresses a single vulnerability affecting Excel, PowerPoint, Word, Publisher and Visio components of Office 2003 and 2007, as well as Office XP, 2003 and 2007.
MS10-037 A single vulnerability affecting OpenType CFF Fonts which could lead to elevation of privilege.
MS10-038 addresses a whopping 14 vulnerabilities.
MS10-039 addresses 3 vulnerabilities in SharePoint and InfoPath, including the public SharePoint XSS that was receiving some attention a couple of months ago.
MS10-040 fixes a single vulnerability in IIS. IIS is only vulnerable in a specific configuration, where Extended Protection for Authentication is enabled and Windows credentials are used for authentication. It is still recommended that all IIS users apply this update in case their configuration is later modified.
MS10-041 patches a single vulnerability related to a specific .NET method that could be subject to authentication bypass. Content protected by an XML Signature verified using the affected method could potentially be tampered with and replaced with new content.
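The HMAC truncation problem behind MS10-041 (CVE-2009-0217), shown as an added example that is not code from the bulletin or from Microsoft: a verifier that trusts the output length carried in the signed message, beside one that enforces a minimum first. The function names, key and documents are constructed; HMAC-SHA1 over raw bytes stands in for full XML Signature processing, and the minimum used (80 bits and at least half the digest size) is the bound from the revised W3C XML Signature specification.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the bulletin.
KEY = b"constructed-shared-secret"
DOC = b"<Order><Amount>10</Amount></Order>"
TAMPERED = b"<Order><Amount>9999</Amount></Order>"


def sign(key, data, output_bits=None):
    """HMAC-SHA1 tag, optionally truncated to output_bits (HMACOutputLength)."""
    tag = hmac.new(key, data, hashlib.sha1).digest()
    return tag if output_bits is None else tag[: output_bits // 8]


def verify_naive(key, data, tag, output_bits):
    """Unpatched behaviour: the length comes from the message and is trusted."""
    expected = hmac.new(key, data, hashlib.sha1).digest()[: output_bits // 8]
    return hmac.compare_digest(expected, tag)


def verify_hardened(key, data, tag, output_bits=None):
    """Reject any truncation below max(80 bits, half the digest) before comparing."""
    full = hmac.new(key, data, hashlib.sha1).digest()
    digest_bits = len(full) * 8
    bits = digest_bits if output_bits is None else output_bits
    minimum = max(80, digest_bits // 2)
    if bits % 8 or bits < minimum or bits > digest_bits:
        return False
    if len(tag) * 8 != bits:
        return False
    return hmac.compare_digest(full[: bits // 8], tag)


def demo():
    """Compare both verifiers on a full tag, a 1-byte tag and an empty tag."""
    return {
        "hardened_full_tag": verify_hardened(KEY, DOC, sign(KEY, DOC)),
        "naive_8_bit_tag": verify_naive(KEY, DOC, sign(KEY, DOC, 8), 8),
        "hardened_8_bit_tag": verify_hardened(KEY, DOC, sign(KEY, DOC, 8), 8),
        # Zero declared bits: nothing is compared, so changed content passes.
        "naive_0_bit_tampered": verify_naive(KEY, TAMPERED, b"", 0),
        "hardened_0_bit_tampered": verify_hardened(KEY, TAMPERED, b"", 0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
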
| Bulletin | Vulnerability | CVE |
|---|---|---|
| MS10-032 | Win32k Improper Data Validation Vulnerability | CVE-2010-0484 |
| MS10-032 | Win32k Window Creation Vulnerability | CVE-2010-0485 |
| MS10-032 | Win32k TrueType Font Parsing Vulnerability | CVE-2010-1255 |
| MS10-033 | Media Decompression Vulnerability | CVE-2010-1879 |
| MS10-033 | MJPEG Media Compression Vulnerability | CVE-2010-1880 |
| MS10-034 | Microsoft Data Analyzer ActiveX Control Vulnerability | CVE-2010-0252 |
| MS10-034 | Microsoft Internet Explorer 8 Developer Tools Vulnerability | CVE-2010-0811 |
| MS10-035 | Cross-Domain Information Disclosure Vulnerability | CVE-2010-0255 |
| MS10-035 | toStaticHTML Information Disclosure Vulnerability | CVE-2010-1257 |
| MS10-035 | Uninitialized Memory Corruption Vulnerability I | CVE-2010-1259 |
| MS10-035 | HTML Element Memory Corruption Vulnerability | CVE-2010-1260 |
| MS10-035 | Uninitialized Memory Corruption Vulnerability II | CVE-2010-1261 |
| MS10-035 | Memory Corruption Vulnerability | CVE-2010-1262 |
| MS10-036 | COM validation Vulnerability | CVE-2010-1263 |
| MS10-037 | OpenType CFF Font Driver Memory Corruption Vulnerability | CVE-2010-0819 |
| MS10-038 | Excel Record Parsing Memory Corruption Vulnerability | CVE-2010-0821 |
| MS10-038 | Excel Object Stack Overflow Vulnerability | CVE-2010-0822 |
| MS10-038 | Excel Memory Corruption Vulnerability I | CVE-2010-0823 |
| MS10-038 | Excel Record Memory Corruption Vulnerability I | CVE-2010-0824 |
| MS10-038 | Excel Record Memory Corruption Vulnerability II | CVE-2010-1245 |
| MS10-038 | Excel RTD Memory Corruption Vulnerability | CVE-2010-1246 |
| MS10-038 | Excel Memory Corruption Vulnerability II | CVE-2010-1247 |
| MS10-038 | Excel HFPicture Memory Corruption Vulnerability | CVE-2010-1248 |
| MS10-038 | Excel Memory Corruption Vulnerability III | CVE-2010-1249 |
| MS10-038 | Excel EDG Memory Corruption Vulnerability | CVE-2010-1250 |
| MS10-038 | Excel Record Stack Corruption Vulnerability | CVE-2010-1251 |
| MS10-038 | Excel String Variable Vulnerability | CVE-2010-1252 |
| MS10-038 | Excel ADO Object Vulnerability | CVE-2010-1253 |
| MS10-038 | Mac Office Open XML Permissions Vulnerability | CVE-2010-1254 |
| MS10-039 | Help.aspx XSS Vulnerability | CVE-2010-0817 |
| MS10-039 | toStaticHTML Information Disclosure Vulnerability | CVE-2010-1257 |
| MS10-039 | Sharepoint Help Page Denial of Service Vulnerability | CVE-2010-1264 |
| MS10-040 | IIS Authentication Memory Corruption Vulnerability | CVE-2010-1256 |
| MS10-041 | XML Signature HMAC Truncation Authentication Bypass Vulnerability | CVE-2009-0217 |
Recommendation: Test and patch, as always.