Category Archives: Uncategorized

Fix released for crashing MMC

The Exchange team has posted a notice on its team blog that a fix is available for a problem that affected some users. On Windows Server 2008 (R2) with Internet Explorer 9 installed, the management console stopped working in some cases.

Here is the blog entry:

http://blogs.technet.com/b/exchange/archive/2011/10/17/a-fix-for-the-interoperability-issues-between-exchange-2007-and-2010-emc-and-ie9-is-now-available.aspx

Happy fixing.

Best regards

Walter Steinsdorfer

A note on my own behalf

Some of you have already noticed that the Facebook “I like it” button has disappeared from the blog. I have deactivated the Facebook plugin in Windows Live Writer for the time being, until the data protection officers agree on a workable and uniform rule. Anyone who still wants to press the “Like” button can continue to do so on Facebook.

Best regards

Walter Steinsdorfer

Exchange and OL Autodiscover

Autodiscover and free/busy times are closely related. Outlook 2003 still retrieves free/busy times from the public folders, where the clients (Outlook) publish them. The publishing period can be set in Outlook.

The setting is made under Options, Calendar Options, Free/Busy Options.

All other Outlook clients then use these free/busy times. Especially when publishing to several public folders, this method is error-prone, because Outlook updates the data only every 15 minutes (the default value is 60 minutes) and replication between public folders takes at least 15 minutes. Under Exchange 2010 SP1 in combination with Outlook 2007 and later, this no longer works that way; here the “Microsoft Exchange Availability Service” is used.

Microsoft shows which version accesses which service in a table at the following link:

Methods Used to Retrieve Free/Busy Information

http://technet.microsoft.com/en-us/library/bb232134.aspx

From the Outlook 2007/2010 point of view, access to free/busy times is somewhat more complex, but considerably more stable and closer to “real time” than in the previous versions; see the table:

Improvements Over Exchange 2003 Free/Busy

http://technet.microsoft.com/en-us/library/bb232134.aspx

How are Autodiscover and free/busy related?

Outlook 2007 and later and OWA from Exchange 2007 onward use a technology introduced with Exchange 2007 to enable (more or less) automatic configuration of various clients. Various services offered by the Exchange environment are made reachable through “internal” and “external” URLs and published through the Autodiscover function. The Autodiscover function places an Autodiscover.xml on the servers with the Client Access role.

The Autodiscover file is reachable through a virtual site on the Exchange server.

If you have a load balancer for access to the Autodiscover URL, access via the load balancer is possible (this requires an A record pointing to the IP of the load balancer).

Outlook can learn where an Autodiscover file is available in different ways:

1) The Exchange servers with an installed Client Access role are registered in Active Directory (this happens automatically).

In this case the client (Outlook) gets back a list of all Client Access servers with an installed Autodiscover virtual directory and tries to fetch the Autodiscover.xml from one of the servers. However, this only works if the computer and the person logging on have an account in the same Active Directory forest. Otherwise, Outlook 2007 and later tries to resolve various URLs, which must point to one of the CAS servers. Probably the most common method is, in every domain for which there are “primary” e-mail addresses (when a profile is set up, the search starts with the user's e-mail domain), to have the record “autodiscover.meinedomäne.de” point to one of the CAS servers (or to the ClientAccessArray / the hardware load balancer).

This method is used, for example, by mobile devices that are not inside the domain, but Outlook 2010 can use it as well.

And what is in the Autodiscover file?

That is relatively easy to answer with an installed Outlook 2010. Just hold down Shift+Ctrl and left-click “Test E-mail AutoConfiguration”.

As you can see, Outlook gets back URLs that point to the various services; one of them is the URL for the Availability service. The configuration determined is always the one relevant to the user. This depends on the Active Directory site in which the user's mailbox (!) is located.

The free/busy URL

According to the following Microsoft article, the free/busy URL should point directly to a CAS server, not to the array. This must be configured accordingly in the Exchange Web Services.

For TechNet, see

http://technet.microsoft.com/en-us/library/aa997237.aspx

Note:

If you have a set of load balanced Client Access servers, you don’t have to specify the name of each server when you run this command. You only need to use the name of one of the servers in the set of load balanced servers.
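An added example (not part of the original post or of any Microsoft tooling): Python that derives the Autodiscover URLs a client outside the forest would try for a mail domain, parses an Autodiscover response, and reports service URLs that are not HTTPS or an Availability URL (ASUrl) that points at the array instead of a single CAS. The host names, the sample response and all function names are constructed for illustration; the root-domain candidate URL is general Outlook behaviour that the post does not list.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace of the Outlook Autodiscover response payload.
NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}

# Constructed sample response; every host name is a placeholder.
SAMPLE_RESPONSE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>casarray.example.test</Server>
        <ASUrl>https://casarray.example.test/EWS/Exchange.asmx</ASUrl>
        <OOFUrl>https://cas01.example.test/EWS/Exchange.asmx</OOFUrl>
        <OABUrl>https://cas01.example.test/OAB/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.example.test</Server>
        <ASUrl>http://mail.example.test/EWS/Exchange.asmx</ASUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>"""


def candidate_urls(email):
    """HTTPS URLs a client derives from the mail domain when the
    Active Directory lookup is not available (outside the forest)."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        f"https://{domain}/autodiscover/autodiscover.xml",
        f"https://autodiscover.{domain}/autodiscover/autodiscover.xml",
    ]


def parse_protocols(xml_text):
    """Return {protocol type: {element name: url}} for all *Url elements.

    The sample here is trusted. For responses fetched over the network,
    a hardened parser such as defusedxml is the safer choice.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for proto in root.iterfind(".//o:Protocol", NS):
        ptype = proto.findtext("o:Type", default="", namespaces=NS)
        urls = {}
        for child in proto:
            name = child.tag.split("}", 1)[-1]  # strip the namespace
            if name.endswith("Url"):
                urls[name] = (child.text or "").strip()
        result[ptype] = urls
    return result


def audit_urls(protocols, array_hosts=()):
    """List (protocol, element, finding) tuples.

    not-https       : the URL would send requests without TLS
    points-at-array : the ASUrl names the CAS array / load balancer,
                      which the post says it should not
    """
    arrays = {h.lower() for h in array_hosts}
    findings = []
    for ptype, urls in sorted(protocols.items()):
        for name, url in sorted(urls.items()):
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            if parts.scheme != "https":
                findings.append((ptype, name, "not-https"))
            if name == "ASUrl" and host in arrays:
                findings.append((ptype, name, "points-at-array"))
    return findings


if __name__ == "__main__":
    for url in candidate_urls("user@example.test"):
        print("would try:", url)
    protocols = parse_protocols(SAMPLE_RESPONSE)
    for finding in audit_urls(protocols, ["casarray.example.test"]):
        print("finding:", finding)
```
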

Best regards

Walter Steinsdorfer

Today is October Patch Day

… and there have never been so many patches. Hm, somehow that was already the case last month. Well, whatever, here is the list of updates:

MS10-071

Cumulative Security Update for Internet Explorer (2360131)
This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

Requires restart

Microsoft Windows,
Internet Explorer

MS10-075

Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player network sharing service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.

Critical
Remote Code Execution

May require restart

Microsoft Windows

MS10-076

Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

May require restart

Microsoft Windows

MS10-077

Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.

Critical
Remote Code Execution

May require restart

Microsoft Windows,
Microsoft .NET Framework

MS10-072

Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML.

Important
Information Disclosure

May require restart

Microsoft Server Software

MS10-073

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Important
Elevation of Privilege

Requires restart

Microsoft Windows

MS10-078

Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Important
Elevation of Privilege

Requires restart

Microsoft Windows

MS10-079

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Office

MS10-080

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Office

MS10-081

Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

Requires restart

Microsoft Windows

MS10-082

Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Windows

MS10-083

Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

Requires restart

Microsoft Windows

MS10-084

Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs specially crafted code that sends an LPC message to the local LRPC Server. The message could then allow an authenticated user to access resources that are running in the context of the NetworkService account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Important
Elevation of Privilege

Requires restart

Microsoft Windows

MS10-085

Vulnerability in SChannel Could Allow Denial of Service (2207566)
This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.

Important
Denial of Service

Requires restart

Microsoft Windows

MS10-074

Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Moderate
Remote Code Execution

May require restart

Microsoft Windows

MS10-086

Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.

Moderate
Tampering

Requires restart

Microsoft Windows

 

You can find more information in the October Security Bulletin.

Happy Patching

Walter Steinsdorfer

Internet Explorer 9 Beta is here

Microsoft is making Internet Explorer 9 Beta available for testing. Since this is beta software, it should not be tested on production systems. The following KB article describes the prerequisites that must be installed for IE9 Beta:

Prerequisites for installing Internet Explorer 9 Beta

Attention: at the moment the update links for the XPS update still point to the Vista version instead of the Windows 7 version. Please click the KB article that is linked in the heading for the XPS update and download the correct version from there.

After a restart, IE 9 can then be installed. The IE 9 Beta download is available here:

http://windows.microsoft.com/de-DE/internet-explorer/download/ie-9/worldwide

If you feel like it, you can of course also try it in another language ;-)

Best regards

Walter Steinsdorfer

Installation of Exchange 2010 Service Pack 1

During the installation of Service Pack 1 I saw some puzzled faces among my fellow admins. So here are a few particularities of the Service Pack 1 installation.


  1. Service Pack 1 for Exchange 2010 includes a schema extension. The schema extension should be run on the domain controller holding the FSMO role “Schema Master”. The easiest way is to call setup.com in a CMD that is run as administrator (more on the required rights in a moment) with the switch /prepareAD and then with /preparealldomains, or more simply /pad. The following rights are required for the actual schema update: Schema Administrator and Enterprise Administrator. The actual Exchange 2010 Service Pack 1 installation can start as soon as the schema update has arrived in the domain in which Exchange is located (only relevant in multi-domain forests).
  2. Installation of the prerequisites for Exchange 2010 Service Pack 1

How large may my mailbox be?

Because of several customer inquiries and a fruitless search on the Internet, I put the question to Microsoft: how large may my mailbox currently be, that is, with Exchange 2010 and RU4, for support to cover it? Under Exchange 2003 SP2 that was, IMHO, 2 GB at one time, although there were certainly some larger mailboxes even then. The answer I have now received from Microsoft nevertheless astonishes me:

“The current mailbox size may be as large as a database under Exchange.”

Since practically the only limit here is the NTFS size limit (16 TB), that is an astonishing size. Of course there are some “recommendations” regarding size and number of items.

  1. From Outlook 2007 SP2 onward, preferably fewer than 100,000 items per folder (anyone with more may be straining the patience of their users, or see point 2). Older Outlook versions (is anything before OL 2003 still supported?) should not hold more than 10,000 items per folder.
  2. Larger OST files should be on an SSD (what “larger” means probably again depends very much on the patience of the users).
  3. If a lot is deleted or the disk is fragmented, defragment the OST file (does not apply when an SSD is used).

The laptop on which I am writing this article also runs with an SSD, by the way. Besides the lower power consumption and the lower heat generation, it is a real performance booster, not only for Outlook. Outlook opens on this laptop in less than 2 seconds, by the way, and even with more than 10K items it responds immediately after switching to another folder (my OL is about 5 GB in size). Anyone who has used an SSD in a laptop and then switches back to a “normal” hard disk should practise patience. Anyone who has a large or rapidly growing mailbox and no SSD should think about an archive (e.g. the online archive of Exchange). With a slow computer, you always do yourself a favour with that.

Best regards

Walter Steinsdorfer

Record Patch Day in August

Never before has Microsoft had to close so many holes at once. The August bulletin lists a full 15 holes waiting to be closed, most of them critical:

MS10-046

Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

Requires restart

 

MS10-049

Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker’s Web site.

Critical
Remote Code Execution

Requires restart

Microsoft Windows

MS10-051

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
This security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

Critical
Remote Code Execution

Requires restart

Microsoft Windows

MS10-052

Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

May require restart

Microsoft Windows

MS10-053

Cumulative Security Update for Internet Explorer (2183461)
This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

Requires restart

Microsoft Windows, Internet Explorer

MS10-054

Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Critical
Remote Code Execution

Requires restart

Microsoft Windows

MS10-055

Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

May require restart

Microsoft Windows

MS10-056

Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

May require restart

Microsoft Office

MS10-060

Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario.

Critical
Remote Code Execution

May require restart

Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

MS10-047

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

Important
Elevation of Privilege

Requires restart

Microsoft Windows

MS10-048

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
This security update resolves one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Important
Elevation of Privilege

Requires restart

Microsoft Windows

MS10-050

Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
This security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Windows

MS10-057

Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important
Remote Code Execution

May require restart

Microsoft Office

MS10-058

Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Important
Elevation of Privilege

Requires restart

Microsoft Windows

MS10-059

Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Important
Elevation of Privilege

May require restart

Microsoft Windows

 

All I can say is: Happy Patchday

Best regards

Walter Steinsdorfer