The headline bulletins will be the two critical security holes, one of which affects all versions of Windows and Windows Server, and another critical vulnerability which can be found in all versions of Internet Explorer. Whether the Internet Explorer fix will be addressing the IE vulnerability revealed at the recent Pwn2Own contest is unclear though. Both critical holes allow for remote code execution.
The remaining bulletins have been rated as important and aim to close holes in Windows, Office InfoPath 2010, and Web Apps 2010 Service Pack 1, as well as in server software such as Groove Server and SharePoint. Microsoft says that most of these vulnerabilities allow attackers to elevate their privileges and launch denial-of-service attacks. The patches for Microsoft Office and for the server software will close holes that allow potential attackers to harvest data.
Corss-posted from Heise-Media