May 2010 Patch Tuesday affects Microsoft Visual Basic for Applications

Jason Miller, Data and Security Team Manager for Shavlik Technologies’ Patch Patrol, has a contrarian point of view on today’s patch releases: while few in number, the vulnerabilities are pretty serious. Shavlik is based in Minneapolis.


"Microsoft has released 2 new security bulletins for the May 2010 Patch Tuesday.  This month’s security bulletins primarily affect workstations and each has a special case associated to it.  While many are dismissing this month’s patches, this is not the time to relax your patch management policies and these bulletins must be addressed.

MS10-031 affects Microsoft Visual Basic for Applications.  This bulletin can cause confusion as it affects Microsoft products as well as non-Microsoft products.  On the Microsoft products side, this patch will cover all supported versions of Microsoft Office.  For non-Microsoft products, Microsoft Visual Basic for Applications and Microsoft Visual Basic for Applications SDK are potentially used by third party software vendors for their own applications.  The vulnerable code could be on your system through one of these programs.  It is important to note that Microsoft can only patch the Microsoft Office suite for this vulnerability.

To find out if you have third-party software that is vulnerable, Microsoft has provided a knowledge base article (KB978213) with steps to identify these products.  If you do find one of these products, you should contact the software vendor and ask for their patch to address the vulnerability.  Like the ATL issue last July, we could see many vendors supplying their own patches to address this vulnerability.  This is just another important reminder that patching is not just a Microsoft issue when it comes to software vulnerabilities.

MS10-030 affects Microsoft’s email clients and addresses one vulnerability.  Like MS10-031, there is a special case with this bulletin.  This bulletin affects every supported Microsoft operating system.  However, the Microsoft email clients, Windows Live Mail and Windows Mail, are not installed by default on some of the affected operating systems and will require a user to install the client.


The primary attack vector for this vulnerability is to intercept mail client network traffic through a man-in-the-middle attack.  A common scenario for this type of attack is free Wi-Fi hot spots such as universities or libraries because they are not secured.  An attacker could perform a man-in-the-middle attack and gain remote code execution.

The attack vector for this vulnerability seems a bit unlikely.  An attacker would need to entice a user to connect to a malicious email server in order to gain remote code execution.  We all see spam emails ranging from luxury watches and ‘special’ pharmaceutical drugs at outrageously cheap prices to phishing attempts aimed at gaining private and confidential information.  But, a phishing attempt to entice a user to connect to a malicious email server is very uncommon."


About Shavlik

Shavlik, a global leader in simplifying the complexity of IT management, is dedicated to significantly reducing the time-to-value for IT professionals from months to minutes. Shavlik’s Protect, Configure, SCUPdates and Management Intelligence are some of its on-premise and cloud base solutions that enable customers to manage both physical and virtual machines, deploy software, discover assets, simplify configuration, control power usage and ensure endpoint security. By bringing the sophisticated capabilities enjoyed by large companies to organizations of all sizes and types, Shavlik is driving the democratization of IT.

