Microsoft Security Bulletin Summary for April 13, 2010

Microsoft Security Bulletin Summary for April 13, 2010
Microsoft Security Bulletin Summary for April 13, 2010
Published: April 13 2010
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Note: Security Center - Bulletins Advisories Tools Guidance Resources and Microsoft Security | Computer Security | Malicious Software are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
Microsoft Security Bulletin Summary for April 2010
Critical (5)
Microsoft Security Bulletin MS10-019 - Critical
Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Published: April 13, 2010
Microsoft Security Bulletin MS10-019 - Critical: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Microsoft Security Bulletin MS10-020 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Published: April 13, 2010
Microsoft Security Bulletin MS10-020 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Microsoft Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
Published: April 13, 2010
Microsoft Security Bulletin MS10-025 - Critical: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
Microsoft Security Bulletin MS10-026 - Critical
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
Published: April 13, 2010
Microsoft Security Bulletin MS10-026 - Critical: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
Microsoft Security Bulletin MS10-027 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)


Important (5)
Microsoft Security Bulletin MS10-021 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
Published: April 13, 2010
Microsoft Security Bulletin MS10-021 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

Microsoft Security Bulletin MS10-022 - Important
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
Published: April 13, 2010
Microsoft Security Bulletin MS10-022 - Important: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
Microsoft Security Bulletin MS10-023 - Important
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Published: April 13, 2010
Microsoft Security Bulletin MS10-023 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Microsoft Security Bulletin MS10-024 - Important
Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
Published: April 13, 2010
Microsoft Security Bulletin MS10-024 - Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Microsoft Security Bulletin MS10-028 - Important: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Moderate (1)
Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)
Microsoft Security Bulletin MS10-029 - Moderate: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft blocks 'movies-to-malware' attacks.

Microsoft today patched 25 vulnerabilities in Windows, Exchange and Office, including nine marked "critical," the company's highest threat ranking.

But researchers were unanimous in urging users to immediately apply two of the 11 updates, which address major bugs in Windows Media Player and an important video file format, to block drive-by attacks that will quickly spread on the Web.

The patches also fixed eight flaws pegged as "important," the next-lowest step in Microsoft's four-stage scoring system, and another eight tagged as "moderate." Five of today's 11 update packages were marked critical, while five were labeled important and the remaining one as moderate.

Security experts directed users' attention to a pair of updates that addressed issues in Windows' media infrastructure.

Click to expand...

Source -
Microsoft blocks 'movies-to-malware' attacks - Computerworld