Microsoft patch Tuesday: Minor movements...

Filed Under: SophosLabs

Hey Admins.... It's that time again. The second Tuesday is upon us and May so far hasn't been demanding as far as patching goes.

So far .... this month Microsoft has only issued two security announcements. MS10-030 and MS10-031. Microsoft has rated both as critical - and both could result in remote code being executed.

MS10-030 resolves an integer overflow in POP3 & IMAP mail responses to Outlook Express and Windows Mail.... MS10-031 addresses a stack memory corruption related to the way that "Visual Basic for Applications" searches for ActiveX components, when host applications provide specially crafted files to the Visual Basic runtime.

Adobe and Apple haven't issued any security updates in May yet.

Apple's last security update was on April 15th when they issued Security Update 2010-003 for OSX 10.5 and 10.6. ( 2010-003 addressed an issue with handling embedded fonts that could result in RCE )( see CVE-2010-1120 for more details )

Adobe's last update was APSB10-10 on April 30th. APSB10-10 resolves issues in Photoshop CS4 (v11.0.0 ) for both Mac and Windows variants.   Issues with Photoshop's handling of specially crafted .TIFF files could lead to remote code execution ( see CVE-2010-1279 for more details ).

You can find  more information on this month's Microsoft Advisories and Bulletins at the SophosLabs vulnerability analysis page.

If you've found our vulnerability posts to be valuable, or have some suggestions for how we can better serve you, please let us know at sophosblog@sophos.com

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s