Microsoft on Tuesday released 17 updates that fix 40 separate vulnerabilities, several of which are being exploited. Only two of the updates fix vulnerabilities rated critical.

The first critical update is MS10-090, which fixes seven bugs in Internet Explorer. Every supported version of IE on every supported platform is affected by at least one critical vulnerability, and client versions have at least three. Six of the seven are memory corruption vulnerabilities; the seventh is a cross-domain information disclosure that is being exploited in the wild. At least six of these were reported by professional researchers.

The second critical update is MS10-091, which fixes three bugs in the OpenType font driver that could allow remote code execution. All versions of Windows are affected, although on Windows XP and Server 2003 only a privilege elevation is possible.

Fourteen of the remaining 15 updates released today have a maximum rating of important:
* MS10-092: A local user can elevate privileges by exploiting a bug in the Task Scheduler.
* MS10-093: This is one of the Insecure DLL loading vulnerabilities, affecting Windows Movie Maker on Vista. The user would have to load an untrusted file from a network share or WebDAV site.
* MS10-094: Another Insecure DLL loading vulnerability, this one is in Windows Media Encoder. The user would have to load a WME profile (.prx) file from an untrusted network share.
* MS10-095: An Insecure DLL loading vulnerability in Windows Live Mail and Live Writer.
* MS10-096: An Insecure DLL loading vulnerability in the Windows Address Book.
* MS10-097: An Insecure DLL loading vulnerability in the Windows Internet Connection Signup Wizard in XP and Server 2003.
* MS10-098: Six separate vulnerabilities in Windows related to kernel-mode drivers, one publicly disclosed, could allow a user who is logged in locally to elevate privilege.
* MS10-099: The NDProxy component of Routing and Remote Access in Windows XP and Server 2003 is vulnerable to an elevation of privilege.
* MS10-100: An error in the way the Consent User Interface in Windows Vista, Windows 7, and Windows Server 2008 processes certain registry data could lead to privilege elevation.
* MS10-101: A null dereference in Netlogon in Windows Server could lead to a denial of service.
* MS10-102: An authenticated user in a guest VM could send a packet that causes a denial of service in Hyper-V.
* MS10-103: Five vulnerabilities in all versions of Microsoft Publisher could lead to remote code execution.
* MS10-104: A user can trigger remote code execution on SharePoint Server 2007 with a special SOAP request. The affected services, Document Conversions Load Balancer Service and Document Conversions Launcher Service, are not enabled by default, and the user context of the attacker would be guest with access only to the temp directory.
* MS10-105: Seven vulnerabilities in the graphics import filters in Office XP, Office 2003, the Office Converter Pack and Works 9 could allow remote code execution. In a strange move, Microsoft is recommending that Office 2007 and 2010 users apply the patch as well, even though it says those versions are not vulnerable.
* The final update, MS10-106, fixes a single vulnerability rated moderate. Authenticated users could trigger a denial of service in Exchange Server 2007. The server would have to be manually restarted.
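Five of this month's important updates (MS10-093 through MS10-097) are insecure DLL loading bugs in which an application picks up a DLL from the current working directory when that directory is a network share or WebDAV site. Beyond patching, Windows offers a system-wide mitigation for that exact vector: the CWDIllegalInDllSearch registry value from Microsoft KB2264107, which removes remote current directories from the DLL search order. The script below is an added example, not code from the article or from Microsoft; it reads the current setting, explains it, and applies the remote-share value if the machine has nothing stronger. It assumes an elevated PowerShell session on Windows.

```powershell
# Added example: audit and apply the CWDIllegalInDllSearch mitigation (KB2264107).
# Documented values: 0 = default (current directory is searched), 1 = skip the
# current directory when it is a WebDAV folder, 2 = skip it when it is any remote
# share, 0xFFFFFFFF = never search the current directory for DLLs.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$name = 'CWDIllegalInDllSearch'

function Get-CwdDllPolicy {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # REG_DWORD comes back as Int32, so 0xFFFFFFFF reads as -1; normalise to unsigned.
    return ([int64]$item.$name -band 0xFFFFFFFFL)
}

function Get-CwdDllPolicyDescription($value) {
    if ($null -eq $value)      { return 'not set: current directory is searched, remote shares included' }
    if ($value -eq 0)          { return 'explicitly default: current directory is searched, remote shares included' }
    if ($value -eq 1)          { return 'WebDAV current directories excluded from the DLL search' }
    if ($value -eq 2)          { return 'all remote current directories excluded from the DLL search' }
    if ($value -eq 4294967295) { return 'current directory excluded from the DLL search entirely' }
    return "unrecognised value $value"
}

# Report the current state before touching anything.
$current = Get-CwdDllPolicy
Write-Output ('{0} = {1}' -f $name, (Get-CwdDllPolicyDescription $current))

# Apply value 2 (block remote current directories) only when the existing
# setting is absent or weaker. Value 2 keeps local current-directory loads
# working, so it rarely breaks applications; 0xFFFFFFFF is stricter and should
# be tested against line-of-business software first.
if ($null -eq $current -or $current -lt 2) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 2 -Force | Out-Null
    Write-Output "$name set to 2; a reboot is required for the change to take effect"
}
```

The same value can be set per application under the Image File Execution Options key for that executable when a system-wide change is too broad.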