Yesterday was the second Tuesday in July aka “Patch Tuesday” so it also witnessed the release of the scheduled updates for the month and an accompanying Security Bulletin. Today, the Help and Support remote code execution vulnerability described in MS10-042 is reported as the focus of a “zero-day exploit” (an exploit that occurs the same day that a vulnerability is acknowledged) that is reported in this ZDNet blog “25,000 PCs attacked with latest Windows zero day [exploit]” as what can only be summarized as an extremely active infection or infestion on the Internet. Patch your systems quickly, folks!
Other items updated in the latest round include the following:
- MS10-043 Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (Critical, but affects only x64 versions of Windows 7 and Windows Server 2008 R2).
- MS10-044 Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (Critical, but affects only MS Office 2003 SP3 and 2007 SP1 and SP2 versions)
- MS10-045 Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (Important, and affects Office XP SP3, 2003 SP3, and 2007 SP1 and SP2 versions)
The usual monthly elements (Windows Malicious Software Removal Tool, Outlook Junk Email Filter, and so forth) were also distributed as well. My x86 (32-bit) systems didn’t require a reboot after installing these updates, but my x64 (64-bit) systems did. Enjoy!