The Microsoft Security Bulletins for April 2010 were released yesterday evening. The release of the bulletins supersedes the Bulletin Advance Notification, which was first announced on 08.04.10.

Further information is in the mail below (in English) and also online at: Microsoft Security Bulletin Summary for April 2010 (German)
The table below lists this month's Security Bulletins ordered by severity.

On Wednesday, 14.04.10, at 20:00 (CET) Microsoft will hold an English-language webcast to answer questions about these bulletins. Register now for the April Security Bulletin webcast <http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032427721&EventCategory=4&culture=en-US&CountryCode=US>. Afterwards, the webcast will be available on demand.

Further information on this is available under Microsoft Security Bulletin Summaries and Webcasts <http://www.microsoft.com/technet/security/bulletin/summary.mspx>.


____________________________________________________


What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin(s) being released on April 13, 2010. Security bulletins are released monthly to resolve critical problem vulnerabilities.

New Security Bulletins
Microsoft is releasing the following eleven (11) new security bulletins for newly discovered vulnerabilities:

Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software*
MS10-019 <http://www.microsoft.com/technet/security/bulletin/MS10-019.mspx> | Vulnerabilities in Windows Could Allow Remote Code Execution (981210) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
MS10-020 <http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx> | Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
MS10-021 <http://www.microsoft.com/technet/security/bulletin/MS10-021.mspx> | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) | Important | Elevation of Privilege | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
MS10-022 <http://www.microsoft.com/technet/security/bulletin/MS10-022.mspx> | Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169) | Important | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
MS10-023 <http://www.microsoft.com/technet/security/bulletin/MS10-023.mspx> | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) | Important | Remote Code Execution | May require restart | Microsoft Office Publisher 2002, Publisher 2003, and Publisher 2007
MS10-024 <http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx> | Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) | Important | Denial of Service | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Exchange 2000 Server SP3, Exchange Server 2003 SP2, Exchange Server 2007, and Exchange Server 2010
MS10-025 <http://www.microsoft.com/technet/security/bulletin/MS10-025.mspx> | Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000 Server
MS10-026 <http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx> | Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
MS10-027 <http://www.microsoft.com/technet/security/bulletin/MS10-027.mspx> | Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402) | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000 and Windows XP
MS10-028 <http://www.microsoft.com/technet/security/bulletin/MS10-028.mspx> | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) | Important | Remote Code Execution | May require restart | Microsoft Office Visio 2002, Visio 2003, and Visio 2007
MS10-029 <http://www.microsoft.com/technet/security/bulletin/MS10-029.mspx> | Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338) | Moderate | Spoofing | Requires restart | Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
* The list of affected software in the table above is an abstract. To see the full list of affected components, please click on the bulletin summary link in the left column and review the "Affected Software" section.

Summaries for new bulletin(s) may be found at Microsoft Security Bulletin Summary for April 2010.

Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000.

High Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at Description of Software Update Services and Windows Server Update Services changes in content for 2010.

Public Bulletin Webcast

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft April Security Bulletins (Level 200)
Date: Wednesday, April 14, 2010, 11:00 A.M. Pacific Time (U.S. and Canada)
URL: https://msevents.microsoft.com/CUI/W...tID=1032427721

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at Please Verify your Location.

Bulletin Identifier: Microsoft Security Bulletin MS10-019
Bulletin Title: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Executive Summary: This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. The security update addresses the vulnerabilities by performing additional verification operations when signing and verifying a portable executable or cabinet file.
Severity Ratings and Affected Software: This security update is rated Critical for all supported versions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors:
* A specially crafted or modified portable executable (PE) file that includes malicious code.
* A specially crafted or modified cabinet (.cab) file that includes malicious code.
* Common delivery mechanisms: a maliciously crafted Web page, e-mail attachment, instant message, peer-to-peer file share, and/or network share.
Mitigating Factors:
* Exploitation only gains the same user rights as the logged-on account.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: Microsoft Security Bulletin MS10-019 - Critical: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)


Bulletin Identifier: Microsoft Security Bulletin MS10-020
Bulletin Title: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Executive Summary: This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

The security update addresses the vulnerabilities by correcting the manner in which the SMB client handles SMB responses, allocates memory, and validates fields within the SMB response.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors:
* A maliciously crafted SMB response to a client-initiated SMB request.
* An attacker on the local network could perform a man-in-the-middle attack to respond to a legitimate SMB request with a malformed SMB response.
Mitigating Factors:
* Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: MS10-006
Full Details: Microsoft Security Bulletin MS10-020 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)


Bulletin Identifier: Microsoft Security Bulletin MS10-021
Bulletin Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

The security update addresses the vulnerabilities by correcting validations, the creation of symbolic links, the resolution of virtual registry key paths, and exception handling.
Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and the original release version of Windows Vista. This security update is rated Moderate for all supported versions of Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors:
* A maliciously crafted application.
Mitigating Factors:
* An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: MS10-015
Full Details: Microsoft Security Bulletin MS10-021 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)


Bulletin Identifier: Microsoft Security Bulletin MS10-022
Bulletin Title: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
Executive Summary: This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

The security update addresses the vulnerability by modifying the way that the VBScript engine processes help files in protected mode.
Severity Ratings and Affected Software:
* This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003.
* On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable. However, as the code is present, this update is provided as a defense-in-depth measure and has no severity rating.
Attack Vectors:
* A maliciously crafted Web page.
Mitigating Factors:
* This vulnerability cannot be exploited on Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.
* This vulnerability requires user interaction.
* Users would have to be persuaded to visit a malicious Web site.
* By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted Sites zone.
* By default, IE on Windows 2003 and Windows Server 2008 runs in a restricted mode.
* Exploitation only gains the same user rights as the logged-on account.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: Microsoft Security Bulletin MS10-022 - Important: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)


Bulletin Identifier: Microsoft Security Bulletin MS10-023
Bulletin Title: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

The update addresses the vulnerability by correcting the way that Microsoft Office Publisher opens specially crafted Publisher files.
Severity Ratings and Affected Software: This security update is rated Important for supported versions of Microsoft Office Publisher 2002, Microsoft Office Publisher 2003, and Microsoft Office Publisher 2007.
Attack Vectors:
* A maliciously crafted Publisher file.
* Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
Mitigating Factors:
* Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
* Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Users would have to be persuaded to visit a malicious Web site.
* Publisher 2002 and later versions prompt a user to Open, Save, or Cancel before opening a document.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update:
* MS08-027 for Office XP and Office 2003.
* MS09-030 for 2007 Office System SP1.
Full Details: Microsoft Security Bulletin MS10-023 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)


Bulletin Identifier: Microsoft Security Bulletin MS10-024
Bulletin Title: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
Executive Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.

The security update addresses the vulnerabilities by correcting the manner in which SMTP parses MX records and the manner in which SMTP allocates memory for interpreting SMTP command responses.
Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003; 32-bit and x64-based editions of Windows Server 2008; Windows Server 2008 R2 for x64-based Systems; and Microsoft Exchange Server 2003. This security update is rated Moderate for Microsoft Exchange Server 2000.
Attack Vectors:
* A malicious DNS server response to an MX resource record query for CVE-2010-0024.
* Maliciously crafted SMTP commands for CVE-2010-0025.
Mitigating Factors:
* SMTP is not installed by default on Windows 2003 or Windows XP.
* Microsoft has not identified any mitigations for CVE-2010-0025.
Restart Requirement:
* You must restart your system after you apply the IIS security update packages.
* The Exchange server packages do not require a reboot.
Bulletins Replaced by This Update: None
Full Details: Microsoft Security Bulletin MS10-024 - Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)


Bulletin Identifier: Microsoft Security Bulletin MS10-025
Bulletin Title: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
Executive Summary: This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services.

The security update addresses the vulnerability by modifying the way that the Windows Media Unicast Service (nsum.exe) handles transport info network packets.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server.
Attack Vectors:
* Maliciously crafted transport information packets.
Mitigating Factors:
* Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
* On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: Microsoft Security Bulletin MS10-025 - Critical: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)


Bulletin Identifier: Microsoft Security Bulletin MS10-026
Bulletin Title: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
Executive Summary: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

The security update addresses the vulnerability by correcting the way that the Microsoft MPEG Layer-3 audio codecs decode the MPEG Layer-3 audio stream in specially crafted AVI files.
Severity Ratings and Affected Software:
* This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003 (except Itanium-based editions), and Windows Server 2008 (except Itanium-based editions).
* For all supported editions of Windows Vista, this security update is rated Important.
* Itanium-based editions of Windows Server 2003 and Windows Server 2008, and all supported editions of Windows 7 and Windows Server 2008 R2, are not affected by the vulnerability.
Attack Vectors:
* A maliciously crafted .AVI file.
* Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
Mitigating Factors:
* Users would have to be persuaded to visit a malicious Web site.
* Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
* Windows Media Player on Windows Vista does not use the vulnerable codec for decoding AVI files containing an MPEG Layer-3 audio stream.
Restart Requirement: May require restart.
Bulletins Replaced by This Update: None
Full Details: Microsoft Security Bulletin MS10-026 - Critical: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)


Bulletin Identifier: Microsoft Security Bulletin MS10-027
Bulletin Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
Executive Summary: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

The security update addresses the vulnerability by modifying the way the Windows Media Player ActiveX control handles specially crafted media content hosted on a malicious Web site.
Severity Ratings and Affected Software: This security update is rated Critical for Windows Media Player 9 Series when installed on all supported editions of Microsoft Windows 2000 and Windows XP.
Attack Vectors:
* A maliciously crafted Web page.
* Maliciously crafted media content.
Mitigating Factors:
* Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Users would have to be persuaded to visit a malicious Web site.
* By default, all supported versions of Outlook and Outlook Express open HTML e-mail messages in the Restricted Sites zone, reducing successful attacks by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail.
Restart Requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Bulletins Replaced by This Update: MS07-047
Full Details: Microsoft Security Bulletin MS10-027 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)


Bulletin Identifier: Microsoft Security Bulletin MS10-028
Bulletin Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Executive Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.

The security update addresses these vulnerabilities by correcting the way that Microsoft Office Visio validates attributes and calculates indexes when opening specially crafted Visio files.
Severity Ratings and Affected Software: This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007 Service Pack 1, and Microsoft Office Visio 2007 Service Pack 2.
Attack Vectors:
* A maliciously crafted Visio file.
* Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
Mitigating Factors:
* Visio 2002 and later versions will prompt with Open, Save, or Cancel before opening a document.
* Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
* Users would have to be persuaded to visit a malicious Web site.
* Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement: May require restart.
Bulletins Replaced by This Update:
* MS09-005 for Office Visio 2003 and Office Visio 2007.
* MS09-062 for Office Visio 2002.
Full Details: Microsoft Security Bulletin MS10-028 - Important: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)


Bulletin Identifier: Microsoft Security Bulletin MS10-029
Bulletin Title: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
Executive Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address. The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.
Severity Ratings and Affected Software:
* This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
* Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update.
Attack Vectors:
* Maliciously crafted network packets.
Mitigating Factors:
* The vulnerability only impacts systems when they are configured with an ISATAP interface.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: Microsoft Security Bulletin MS10-029 - Moderate: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
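The kind of source-address check MS10-029 describes, as an added example that is not part of the original alert and not Microsoft's code: it takes an IPv6-in-IPv4 (IPv4 protocol 41) packet and reports whether the IPv4 address embedded in the inner ISATAP source address agrees with the outer IPv4 source, which is exactly the disagreement a filter that only trusts the outer IPv4 source would miss. The ISATAP address layout is from RFC 5214; the packet builder and the sample packets are constructed for the example.

```python
"""Source-address consistency check for ISATAP tunnel traffic (IPv4 protocol 41).

An ISATAP node's IPv6 address embeds its IPv4 address in the interface identifier
(RFC 5214): <prefix>:0:5efe:w.x.y.z, or <prefix>:200:5efe:w.x.y.z when the u/l bit
is set. A filter that only inspects the outer IPv4 source can be misled if that
embedded address disagrees with the outer source, so the check below compares them.
"""
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number for IPv6-in-IPv4 encapsulation
ISATAP_IFACE_PREFIXES = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def isatap_embedded_ipv4(v6):
    """Return the IPv4 address embedded in an ISATAP IPv6 address, or None."""
    packed = ipaddress.IPv6Address(v6).packed
    if packed[8:12] not in ISATAP_IFACE_PREFIXES:
        return None
    return ipaddress.IPv4Address(packed[12:16])


def build_tunnel_packet(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed sample: IPv4 header (proto 41, checksum left 0) + bare IPv6 header."""
    # IPv6: version 6, no traffic class / flow label, payload length 0,
    # next header 59 (no next header), hop limit 64, then source and destination.
    v6 = struct.pack("!IHBB", 0x60000000, 0, 59, 64)
    v6 += ipaddress.IPv6Address(inner_src).packed + ipaddress.IPv6Address(inner_dst).packed
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6), 0, 0, 64, IPPROTO_IPV6, 0,
                     ipaddress.IPv4Address(outer_src).packed,
                     ipaddress.IPv4Address(outer_dst).packed)
    return v4 + v6


def check_tunnel_packet(raw):
    """Classify one raw IPv4 packet.

    "not-tunnel"  - not an IPv6-in-IPv4 packet (or truncated), nothing to check
    "non-isatap"  - inner IPv6 source is not an ISATAP address
    "consistent"  - embedded IPv4 address equals the outer IPv4 source
    "spoofed"     - embedded IPv4 address differs from the outer IPv4 source
    """
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return "not-tunnel"
    ihl = (raw[0] & 0x0F) * 4
    if raw[9] != IPPROTO_IPV6 or len(raw) < ihl + 40:
        return "not-tunnel"
    inner = raw[ihl:]
    if inner[0] >> 4 != 6:
        return "not-tunnel"
    outer_src = ipaddress.IPv4Address(raw[12:16])
    embedded = isatap_embedded_ipv4(inner[8:24])  # inner IPv6 source address
    if embedded is None:
        return "non-isatap"
    return "consistent" if embedded == outer_src else "spoofed"


# Constructed sample traffic, not captured data. "mismatched" arrives from
# 203.0.113.7 but its inner ISATAP source claims 10.0.0.5.
SAMPLE_PACKETS = {
    "honest-isatap": build_tunnel_packet("10.0.0.5", "10.0.0.1",
                                         "fe80::5efe:10.0.0.5", "fe80::5efe:10.0.0.1"),
    "global-ul-bit": build_tunnel_packet("192.0.2.8", "10.0.0.1",
                                         "2001:db8::200:5efe:192.0.2.8", "fe80::5efe:10.0.0.1"),
    "mismatched": build_tunnel_packet("203.0.113.7", "10.0.0.1",
                                      "fe80::5efe:10.0.0.5", "fe80::5efe:10.0.0.1"),
    "not-isatap": build_tunnel_packet("10.0.0.5", "10.0.0.1",
                                      "2001:db8::1", "fe80::5efe:10.0.0.1"),
    "plain-tcp": struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                             ipaddress.IPv4Address("10.0.0.5").packed,
                             ipaddress.IPv4Address("10.0.0.1").packed),
}


def scan(packets):
    """Return {label: verdict} for a mapping of labelled raw IPv4 packets."""
    return {label: check_tunnel_packet(raw) for label, raw in packets.items()}


if __name__ == "__main__":
    for label, verdict in scan(SAMPLE_PACKETS).items():
        print(f"{label:14s} {verdict}")
```

Only the "spoofed" verdict is the condition the bulletin is about; "non-isatap" traffic on an ISATAP interface deserves its own policy decision and is reported separately rather than folded into either result.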

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's Web-based security content, the information in Microsoft's Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team