Bulletin |
Most likely attack vector |
Max Bulletin Severity |
Max Exploit-ability Index |
Likely first 30 days impact |
Platform mitigations and key notes |
MS10-027
(WMP)
|
Victim browses to a malicious webpage. |
Critical |
1 |
Likely to see reliable exploit code developed |
Windows Vista, Windows Server 2008, and Windows 7 not affected |
MS10-026
(DirectShow) |
Victim browses to a malicious webpage or opens a malicious AVI movie. |
Critical |
1 |
Likely to see reliable exploit code developed |
Windows 7 codec is not vulnerable. |
MS10-019
(WinVerifyTrust) |
Victim double-clicks a malicious EXE or allows malicious content to run because content claims to be signed by a trusted publisher. |
Critical |
2 |
Likely to see effective proof-of-concept code released to downgrade Authenticode checks from v2 down to v1. Authenticode v1 is a weaker algorithm. To reach code execution, attackers will need to find an Authenticode v1 bypass. |
Microsoft Update and Windows Update clients not directly vulnerable to this threat. |
MS10-020
(SMB Client)
|
Attacker hosts malicious SMB server within enterprise network. Attacker lures victim to click on a link that causes victim to initiate an SMB connection to the malicious SMB server. |
Critical |
2 |
Proof-of-concept code already exists for denial-of-service vulnerability. May see unreliable exploit code developed for other client-side SMB vulnerabilities that most often results in denial-of-service. |
Egress filtering at most corporations will limit exposure to attacker within enterprise network.
Several issues with differing exploitability. Please see SRD blog for more information.
|
MS10-022
(VBScript)
|
Victim browses to a malicious webpage and is tricked into clicking F1 on a VBScript messagebox. |
Important |
1 |
Public exploit code exists for code execution after a user presses F1. Have not heard reports of real-world attacks yet, despite public exploit code. |
Vulnerability not reachable on Windows 7, Windows Server 2008, and Windows Vista by default. Bulletin rated defense-in-depth for those platforms.
Windows Server 2003 not vulnerable by default due to Enhanced Security Configuration.
|
MS10-025
(Windows Media Services) |
If a victim Windows 2000 machine has enabled Windows Media Services, an attacker can send network-based attack over port 1755 (TCP or UDP). |
Critical |
1 |
Likely to see reliable exploit code developed. |
Only Windows 2000 is affected. |
MS10-021
(Kernel)
|
Attacker able to run code locally on a machine exploits a vulnerability to run code at a higher privilege level. |
Important |
1 |
Likely to see reliable exploit code developed for one or more of these eight vulnerabilities. |
SRD blog post explaining the Windows registry link vulnerabilities. |
MS10-024
(SMTP Service)
|
Attacker causes SMTP Service running on 64-bit Windows Server 2003 to crash by initiating a DNS lookup handled by a malicious DNS server. |
Important |
n/a |
No chance for code execution. May see proof-of-concept code that crashes SMTP Service but not for Exchange. |
Exchange Server not directly affected by denial-of-service vulnerability because vulnerable versions never shipped as 64-bit application. Security update applies to 32-bit Exchange Server to add additional DNS protections. |
MS10-028
(Visio)
|
Victim opens malicious .VSD file |
Important |
1 |
Visio exploits not often seen in the wild. Unsure whether we will see exploit released. |
Visio not installed by default with most Office installations. |
MS10-023
(Publisher)
|
Victim opens malicious .PUB file |
Important |
1 |
Publisher exploits not often seen in the wild. Unsure whether we will see exploit released. |
|
MS10-029
(ISATAP)
|
Attacker spoofs own source address by encapsulating iPv6 attack packet inside IPv4 wrapper. This may allow attacker to reach IPv6 destination that otherwise would be blocked. |
Moderate |
n/a |
May see proof-of-concept released publicly. |
|