Microsoft released 9 security patches in September 4 severity levels

Microsoft today released the September 2010 security bulletin, released 9 security patches, 4 of which are critical, 5 are critical, and Windows is fixed. And multiple vulnerabilities in Office. Unfortunately, this patch did not fix the previously exposed Windows DLL vulnerability.

1, Announcement Number: MS10-061

Knowledge Base Number: KB2347290

Abstract: Fixed a remote code execution vulnerability in Windows Printer Services.

There is a remote code execution vulnerability in the Windows Printer Service. An attacker can send a well-constructed print request to a system that has the printer service interface turned on and execute malicious code on the system.

Highest Security Level: Critical

Impact Operating System: Windows XP/Windows 2003/Windows Vista/Windows 2008/Windows 7

2, Announcement Number: MS10-062< Br>

Knowledge Base Number: KB975558

Abstract: Fixed Windows MPEG-4 Codec Remote Code Execution Vulnerability

A remote code exists in the Windows MPEG-4 codec Execution of vulnerabilities, when a user opens an attacker's carefully constructed media files, browses a web page containing carefully constructed media streams, or even browses a folder containing malicious media files, the attacker's malicious code is executed and run. Malicious programs or stealing user data.

Highest Security Level: Critical

Impact Operating System: Windows XP/Windows 2003/Windows Vista/Windows 2008

3, Announcement Number: MS10-063

Knowledge Base Number: KB2320113

Abstract: Windows Unicode Script Processing Component (usp10.dll) Remote Code Execution Vulnerability

Windows Unicode Script Processing Component DLL There is a remote code in usp10.dll Execution of a vulnerability, when a user browses an attacker's carefully constructed document or web page using an application that supports embedded OpenType fonts (such as Firefox or Microsoft Office), the attacker's malicious code is executed, running a malicious program or Stealing user data.

Highest Security Level: Critical

Impact Operating System: Windows XP/Windows 2003/Windows Vista/Windows 2008

4, Announcement Number: MS10-064

Knowledge Base Number: KB2315011

Abstract: Microsoft Outlook Remote Code Execution Vulnerability

Users use a vulnerable version of Outlook to connect to an Exchange server and open malicious messages that are carefully constructed by an attacker It can make the attacker's malicious code execute on the user's system, run malicious programs or steal user data.

Highest Security Level: Critical

Impact Software: Office XP/2003/2007

5, Announcement Number: MS10-065

Knowledge Base Number: KB2267960

Abstract: Windows Network Information Service (IIS) Remote Code Execution Vulnerability

This patch fixes two secret reported vulnerabilities contained in IIS and an already disclosed vulnerability, attacker You can send special HTTP requests to the IIS server to trigger these vulnerabilities and use this to run arbitrary code on the server, gain control of the service, or run malicious programs.

Highest Security Level: Important

Impact Operating System: Windows XP/Windows 2003/Windows Vista/Windows 2008/Windows 7 (Installing and Running IIS Services)

6. Bulletin Number: MS10-066

Knowledge Base Number: KB982802

Abstract: Windows Remote Procedure Call Component Remote Code Execution Vulnerability

A remote remote exists in the Windows Remote Procedure Call component Code execution vulnerabilities, an attacker can first entice a user to connect to a malicious server controlled by an attacker, and send a carefully constructed RPC request to the attacker's malicious code to execute on the user's system, run malicious programs or steal user data. .

Highest Security Level: Important

Impact Operating System: Windows XP/Windows 2003

7, Announcement Number: MS10-067

Knowledge Base Number: KB2259922

Abstract: Text Converter Remote Code Execution Vulnerability in WordPad Program

There is a remote code execution vulnerability in the text converter in the WordPad program in Windows system, which users open with WordPad When an attacker carefully constructs a file, the attacker's malicious code can be executed on the user's system, running a malicious program or stealing user data.

Highest Security Level: Important

Impact Operating System: Windows XP /2003

8, Announcement Number: MS10-068

Knowledge Base Number: KB983539

Abstract: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

There is a security vulnerability in the Windows Local Security Authority Subsystem service that allows attackers to send carefully constructed light The volume-level directory control protocol message is sent to the listening LSASS server and causes the attacker's malicious code to execute in the system, run malicious programs or steal user data.

Highest Security Level: Important

Impact Operating System: Windows XP/Windows 2003/Windows Vista/Windows 7/Windows 2008

9, Announcement Number: MS10-069< Br>

Knowledge Base Number: KB2121546

Abstract: Windows Client Server Runtime Subsystem (CSRSS) Local Privilege Escalation Vulnerability

One Login to Set Region Language for Chinese, Japanese, or Korean An attacker on the operating system can send a special request to enhance its own permissions, and obtain the highest control of the operating system, install malicious programs or modify or delete user data.

Highest Security Level: Important

Impact Operating System: Windows XP/Windows 2003