Residential collective sales market rebounds
SINGAPORE: Singapore's residential collective sales market has rebounded after a virtual lull last year, and prospects of larger deals look good going forward, said real estate services firm DTZ Research.
Since the start of 2010, DTZ's quarterly report said, 34 residential collective sale deals worth a total of S$1.47 billion have taken place.
The burst of activity in the market followed the solitary sale of Dragon Mansion for S$100.8 million in the whole of 2009.
However, the market is still far below the heyday of 2007 when 136 deals worth a total of S$12.4 billion were recorded, DTZ said.
The deals so far this year included developments with a predominant residential component such as Changi Complex and Katong Mansion. But most of the deals were below the S$100-million mark. Only one deal, namely Meng Garden, went over the threshold at S$137 million.
Of the 34 collective sales this year, 26 or 48.6 per cent were dealt at a price tag of less than S$50 million. In comparison, the bulk of value in 2007 was from transactions sealed above the S$100-million category.
With rising risk appetites, the collective sale market has entered its second phase, which could see transactions for larger sites, DTZ said.
A few sites such as Hawaii Tower with reserve prices above S$500 million have been launched for tender, or have garnered the requisite 80 per cent approval.
A number of major condominium sites are in the process of gathering residents' approval and could be put up for sale next year, including Faber Garden, Amber Park, Astor Green and Pandan Valley.
However, DTZ said 2011 might still not match the watershed year of 2007. Seller fatigue has crept in, particularly in projects that had earlier failed in their collective sale bids. Some sellers were also holding out for higher prices.
DTZ added that the market appears more rational this time round, with developers pricing land based on prevailing market rates of the units that they expect to sell.
Electricity tariffs to go up next year
SINGAPORE: After falling this quarter, electricity tariffs for households will go up by 3.3 per cent for the first three months of next year.
SP Services said this is due to higher fuel oil prices, which have increased to almost US$100 a barrel.
As a result, it said the electricity tariffs for households will increase 0.76 cents per kilowatt hour (kWh) to S$0.241.
SP Services said families in four-room HDB flats will on average pay about S$3.15 more a month on electricity charges.
The Energy Market Authority has approved the latest tariffs.
Over 80% of residential project The Tennery sold
SINGAPORE: More than 80 per cent of the 217 units released at residential property The Tennery have been sold, said its developer Far East Organization.
The development is located at the junction of Woodlands Road and Choa Chu Kang Road, and 181 units were taken up at a preview.
Far East Organization said selling prices of The Tennery ranged from S$950 to S$1,300 per square foot.
The Tennery is an apartment complex sitting on the upcoming Junction 10 mall, right at Ten Mile Junction MRT Station.
Far East Organization said the SOHO-inspired property will "breathe new life and a refreshing cosmopolitan flair" into the Bukit Panjang suburb.
80 per cent of the buyers were Singaporeans and permanent residents, while 60 per cent of the units sold were one-bedroom apartments, said Far East Organization.
The property developer added that most of the buyers were professionals living in Bukit Panjang and the surrounding vicinity, such as Choa Chu Kang, Bukit Batok and Hillview.
Due to the strong response, more units of The Tennery will be released during its official launch this coming New Year's Day, said the developer.
The Tennery is a 16-storey residential development with 338 units in total.
It offers one-and-two-bedroom apartments sized at 619 to 950 square feet, with a floor-to-ceiling height of 3.4 metres for each unit.
Finest Chocolate May Get Better: Cacao Tree Genome Sequenced
ScienceDaily (Dec. 28, 2010) — The production of high quality chocolate, and the farmers who grow it, will benefit from the recent sequencing and assembly of the chocolate tree genome, according to an international team led by Claire Lanaud of CIRAD, France, with Mark Guiltinan of Penn State, and including scientists from 18 other institutions.
The team sequenced the DNA of a variety of Theobroma cacao, considered to produce the world's finest chocolate. The Maya domesticated this variety of Theobroma cacao, Criollo, about 3,000 years ago in Central America, and it is one of the oldest domesticated tree crops. Today, many growers prefer to grow hybrid cacao trees that produce chocolate of lower quality but are more resistant to disease.
"Fine cocoa production is estimated to be less than 5 percent of the world cocoa production because of low productivity and disease susceptibility," said Guiltinan, professor of plant molecular biology.
The researchers report in the current issue of Nature Genetics that "consumers have shown an increased interest for high-quality chocolate made with cocoa of good quality and for dark chocolate, containing a higher percentage of cocoa, while also taking into account environmental and ethical criteria for cocoa production."
Currently, most cacao farmers earn about $2 per day, but producers of fine cacao earn more. Increasing the productivity and ease of growing cacao can help to develop a sustainable cacao economy. The trees are now also seen as an environmentally beneficial crop because they grow best under forest shade, allowing for land rehabilitation and enriched biodiversity.
The team's work identified a variety of gene families that may have future impact on improving cacao trees and fruit either by enhancing their attributes or providing protection from fungal diseases and insects that affect cacao trees.
"Our analysis of the Criollo genome has uncovered the genetic basis of pathways leading to the most important quality traits of chocolate -- oil, flavonoid and terpene biosynthesis," said Siela Maximova, associate professor of horticulture, Penn State, and a member of the research team. "It has also led to the discovery of hundreds of genes potentially involved in pathogen resistance, all of which can be used to accelerate the development of elite varieties of cacao in the future."
Because the Criollo trees are self-pollinating, they are generally highly homozygous, possessing two identical forms of each gene, making this particular variety a good choice for accurate genome assembly.
The researchers assembled 84 percent of the genome, identifying 28,798 genes that code for proteins. They assigned 88 percent or 23,529 of these protein-coding genes to one of the 10 chromosomes in the Criollo cacao tree. They also looked at microRNAs, short noncoding RNAs that regulate genes, and found that microRNAs in Criollo are probably major regulators of gene expression.
"Interestingly, only 20 percent of the genome was made up of transposable elements, one of the natural pathways through which genetic sequences change," said Guiltinan. "They do this by moving around the chromosomes, changing the order of the genetic material. Smaller amounts of transposons than found in other plant species could lead to slower evolution of the chocolate plant, which was shown to have a relatively simple evolutionary history in terms of genome structure."
Guiltinan and his colleagues are interested in specific gene families that could link to specific cocoa qualities or disease resistance. They hope that mapping these gene families will lead to a source of genes directly involved in variations in the plant that are useful for acceleration of plant breeding programs.
The researchers identified two types of disease resistance genes in the Criollo genome. They compared these to previously identified regions on the chromosomes that correlate with disease resistance -- QTLs -- and found that there was a correlation between many of the resistance genes' QTL locations. The team suggests that a functional genomics approach, one that looks at what the genes do, is needed to confirm potential disease resistant genes in the Criollo genome.
Hidden in the genome the researchers also found genes that code for the production of cocoa butter, a substance highly prized in chocolate making, confectionery, pharmaceuticals and cosmetics. Most cocoa beans are already about 50 percent fat, but these 84 genes control not only the amounts but also the quality of the cocoa butter.
Other genes were found that influence the production of flavonoids, natural antioxidants and terpenoids, hormones, pigments and aromas. Altering the genes for these chemicals might produce chocolate with better flavors, aromas and even healthier chocolate.
Penn State researchers involved in this study include Guiltinan and Maximova; Yufan Zhang and Zi Shi, graduate students, plant biology; Stephen Schuster, Department of Biochemistry and Molecular Biology; John E. Carlson, School of Forest Resources and M.J. Axtell and Z. Ma, Department of Biology.
Other researchers involved were from CIRAD; Institut National de la Recherche Agronomique UMR; Genoscope; Centre National de la Recherche Scientifique; Centre National de Genotypage; Universite d'Evry; INRA-CNRS LIPM Laboratoire des Interactions Plantes Micro-organismes; Universite de Perpignan; Unite de Biometrie et d'Intelligence Artificielle; Institut des Sciences du Vegetal; and Chocolaterie Valrhona, all in France.
Also included are researchers from the University of Arizona; Cold Spring Harbor Laboratory; Centre National de la Recherche Agronomique, Ivory Coast; CEPLAC, Brazil; and Centro Nacional de Biotecnologia Agricola, Instituto de Estudios Avanzados, Venezuela.
CIRAD, the Agropolis foundation, the Région Languedoc Roussillon, Agence Nationale de la Recherche (ANR), Valrhona, the Venezuelan Ministry of Science, Technology and Industry, Hershey Corp., the American Cocoa Research Institute Endowment and the National Science Foundation supported this work.
The Theobroma cacao genome sequences are deposited in the EMBL/GenBank/DDBJ databases under accession numbers CACC01000001-CACC01025912. A genome browser and further information on the project are available from and
Orchard Rd malls report 15-20% increase in Christmas sales
SINGAPORE: Retailers in Singapore's premier shopping belt, Orchard Road, certainly have much to cheer about this Christmas.
Many are reporting a 15 to 20 per cent increase in takings for December compared to last year, according to the Orchard Road Business Association (ORBA).
ORBA's Executive Director Steven Goh said this is the best performance in the last five years, based on earnings from the first 25 days of December.
And the tills are expected to keep ringing, with the start of the post-holiday sales on Sunday.
Thousands of shoppers thronged Orchard Road on Boxing Day.
ORBA estimates there has been a 15 per cent increase in the number of shoppers this year.
It said this is due to more tourists from the region, such as Indonesia and Malaysia, spending Christmas in Singapore - a likely spillover from the opening of the two integrated resorts.
A better economy and bigger bonuses have also seen locals more willing to spend on Christmas presents and shopping.
One shopper said: "I am looking out for clothes and River Island, because they have a 50 per cent discount."
Another commented: "Every year, we have been coming here at Christmas time."
A third noted: "I am looking for anything that is cheap, anything that gives a discount, anything that is interesting."
An afternoon shower threatened to drive shoppers indoors, but most took the rapid change in weather in their stride.
Even the rain could not keep the crowd away from Singapore's premier shopping belt, with shoppers on the hunt for the perfect bargain. Shops in Orchard Road have trotted out huge discounts, with some places offering discounts of up to 80 per cent.
Delete recent contacts in Lotus Notes 8.5 client
To delete recent contacts in Lotus Notes client:
1) Go to Home and select Contacts
2) Select Recent Contacts
3) Select the contact(s) and delete.
How businesses cope with COE spike
SINGAPORE: With COE premiums reaching 10-year highs, affected businesses are coming up with new ways to cope with the situation.
High COE premiums and high fuel costs are making those in the courier and delivery services come up with cost-effective ways of doing business.
These include buying second-hand models or renting them.
WARP Logistics Trading and Services operations executive Paul Ng said: "If we buy a new vehicle, it would cost much more than we would rent for a particular month".
"(If) we have more business in a particular month, we would just rent (a vehicle) so that we won't (be burdened by extra costs) when that month is over".
Delivery companies say they may have to increase fees by 20 per cent next year to pay for rising operating expenses - especially when they have to cope with other costs like road tax, parking and ERP changes.
For moving company Astro Movers, brisk business from an improving economy does not mean fatter profits.
That's because orders were taken prior to costs going up.
Astro Movers operations manager Rashidi Mohd Noor said: "We are trying to keep our prices low for customers by absorbing most of it - like GST because the competition is very tight, so we have to keep our prices low for our valued customers".
Parallel importers have also come up with new ways to increase sales - such as sharing the cost of COE premiums with buyers.
Some dealers are resorting to selling second-hand cars, as their prices are more stable.
COE surge raises eyebrows
SINGAPORE: Questions have arisen on whether there were speculative elements behind the recent sharp rises in COE premiums.
Government Parliamentary Committee Chairman for Transport Lim Wee Kiak told Channel NewsAsia that he's filed a question on the issue to be addressed by the Transport Minister at the next Parliamentary sitting.
COE premiums have been on the rise, going over the S$70,000 mark in the latest bidding exercise.
Many said they wanted to know what caused the recent surge.
"With the sudden run in prices over the last two bidding sessions, I hope that the LTA (Land Transport Authority) will be looking very closely into the bidding patterns as well as who are the ones that are bidding these COE prices up.
"Are they individuals or are they the car dealers themselves?" Dr Lim said.
Dr Lim added that if there are speculative elements like what was seen 10 years ago, then the government may need to step in.
He also had suggestions to improve the current system.
"Treat every single COE as a separate bidding, which means that when you bid for it you pay the actual price for what you bid," he said.
"Rather than the current system where you pay the lowest, not the highest.
"You may bid S$100,000 but when the actual lowest is 72,000, you pay 72,000. So let the buyer bid for what they want to pay."
Another suggestion is curbing vehicle financing - that is, lowering it back to 70 per cent of the value of the vehicle.
Dr Lim noted there are calls to make COE "non-financeable" - meaning you pay for the COE in cash, upfront.
Dr Lim also expressed sympathy for the Motor Traders Association which had asked the Government to mitigate the steep climb in COE premiums.
But he said the system should be allowed to work.
Dr Lim said there could be implications if COE premiums remain high.
That's because those aspiring to own cars could blame the government's policy for the situation.
BTO project in Punggol launched
SINGAPORE: The Housing & Development Board (HDB) has launched another Build-To-Order (BTO) project - the Punggol Topaz with 1,010 standard flats - in Punggol.
HDB said 95 per cent of the flat supply would be set aside for first-timer households.
With the launch on Wednesday, HDB would have offered a total of 17,713 new flats for sale under the BTO and Sale of Balance Flat exercise in 2010.
Punggol Topaz, located along Punggol Way and Punggol Field, comprises 184 units of three-room, 542 units of four-room and 284 units of five-room flats.
Facilities to be provided at this development include a supermarket, an eating house, shops, a child care centre, and a Residents' Committee Centre.
Other facilities available in Punggol town to serve the future residents include the nearby Punggol MRT/LRT station, bus interchange, and the future town centre.
The Tampines Expressway (TPE) and Kallang-Paya Lebar Expressway (KPE) are a short drive away, offering good connectivity to the rest of Singapore.
In line with HDB's plans to develop Punggol as an Eco-Town, Punggol Topaz is designed for Green Mark Certification, with eco-friendly features.
The layout of blocks and units is oriented to minimise heat gain from the sun.
It is designed with ecologically friendly features such as dry ponds and rain gardens that help to maintain the quality of surface runoff from rainwater before it is discharged into the drainage system.
The selling prices for the flats range from S$166,000 to S$207,000 for a three-room flat, S$267,000 to S$329,000 for a four-room flat and S$335,000 to S$406,000 for a five-room flat.
For 2011, HDB said it is prepared to launch up to 22,000 new BTO flats, if demand is sustained.
In the first quarter of next year, HDB will launch about 5,000 BTO flats. These BTO flats will be located in towns such as Bukit Panjang, Jurong West, Yishun and Sengkang.
The next BTO launch in January 2011 will offer 1,700 flats in Bukit Batok and Yishun.
Mariah Carey - Hark! The Herald Angels Sing - Gloria (In Excelsis Deo)
Hark! The herald angels sing
Glory to the new born King
Peace on earth and mercy mild
God and sinners reconciled
Joyful all ye nations rise
Join the triumph of the skies
With angelic host proclaim
Christ is born in Bethlehem
Hark! The herald angels sing
Glory to the new born King
To the new born King
In Excelsis Deo
In Excelsis Deo
In Excelsis Deo
Analysts confident S'pore will achieve 4-5% GDP growth in 2011
SINGAPORE: Analysts are confident Singapore will achieve about five per cent Gross Domestic Product (GDP) growth for the whole of next year.
Economists said that is a very strong number, coming after a 15 per cent expansion estimated for 2010. But they warn of possible risks such as inflation, which might be a drag on the city-state's economy.
Economists have said that 2010's growth was uncharacteristic and unsustainable.
Leong Wai Ho, Senior Regional Economist with Barclays Capital, said: "The vital signs for the economy are still healthy. I would see it as a moderation, back to a more sustainable growth path."
Electronics, analysts said, is set to lead the growth path for Singapore, contributing about 25 per cent in 2011.
Mr Leong said: "Next year, we'll see the release of new technologies by Intel. As you know Intel is releasing its Sandy Bridge micro processors and the promise of a one-time quantum leap in terms of PC performance. And that quantum leap we think will propel world electronics demand, replacement demand for PCs, for IT products to gradually improve through the course of 2011.
"It matters a lot for Asia particularly countries like Taiwan, Korea and also electronics producers like Singapore which manufactures some of the components that go into PCs, for example, integrated circuits."
However, a strong Singapore currency, a tight labour market and rising costs could affect growth.
Kelvin Tay, Singapore Chief Investment Strategist with Wealth Management Research at UBS AG, said: "We expect inflation to be in the region of between three to four per cent. Of course a stronger currency will mean that some aspects of the economy will be impacted more than others.
"For instance, I think the retail sector will be impacted negatively. And the reason for that is that with a stronger Singapore dollar, I think a lot of Singaporeans will take the shopping overseas. Also you're going to get tourists spending less in Singapore.
"The risk of inflation is coming in from two sources. One, quite rightly as you pointed out is China inflating itself, two, you're still seeing a lot of capital inflows coming into this region. If you have a lot of inflows coming in, then naturally, that in turn might potentially spike asset bubble somewhere down the line."
Some analysts, however, are confident that the volatile pharmaceutical cluster will continue to make contributions to the economy, while new production plants and shopping malls are expected to produce benefits which are set to roll over into 2011. The opening of the two integrated resorts like Marina Bay Sands has also contributed significantly to Singapore's economy in 2010.
Going into 2011, analysts expect the IRs to continue to help boost the economy as they attract more visitors, especially for meetings and conventions, leading to increased spending. Some experts said that another sector to watch is the financial services industry, which is expected to do well in 2011.
The sector contributes about 15 per cent to Singapore's economy now and analysts expect the financial services industry to grow over 20 per cent within three years.
The government has said it expects Singapore's economic growth in 2011 to be between four and six per cent.
爱情折扣 LOVE 50%
Successful Taiwanese actuary Chung Wen Kai lives a life free of any unnecessary risks, or calculated ones if any. Wen Kai plans to pay Sandra, his rich girlfriend who has been away in Singapore on a business trip, a surprise visit on Valentine's Day. Wen Kai also plans to propose to Sandra. What Wen Kai did not plan for was losing the diamond ring at the airport.
Wen Kai also did not plan to meet Haney Goh, whom Wen Kai will "partner" reluctantly in order to buy a new diamond ring for Sandra at a couple-only 50% Valentine's Day special discount at a jewellery shop in Singapore. While stepping out of the jewellery shop, the "couple" are robbed and Wen Kai loses all his valuables, including a phone which Haney took to throw at the robbers. Feeling sorry for Wen Kai, Haney decides to help Wen Kai in completing his goal to propose to Sandra.
Proving that love lurks in the unlikeliest of places, LOVE 50% ... is a story about two people not looking for love but falling into it nonetheless.
Chung Wen Kai (Kingone Wang)
30, one of the youngest and best insurance actuaries in Taiwan, dislikes unnecessary risks in life and loves his well-planned career, including marrying Sandra, his big boss's daughter. Allergic to apples, he meets Haney Goh in Singapore, and his life turns upside down in just one day.
Haney Goh (Felicia Chin)
25, loves eating apples, appearing cheerful and simple minded, but who is actually hiding her misery from a secret affair with Dave, a married man. She meets Wen Kai and helps him to fulfil his goals, without realizing that it helps her too.
Sandra Wang (Celest Chong)
30, Wen Kai's girlfriend, a career-minded lady, the only daughter of the boss of a Taiwanese insurance company. She likes Wen Kai as they are the same kind of people: calm and logical.
Solstice lunar eclipse set for December 21st
December 17, 2010 by Dr. Tony Phillips
A similar lunar eclipse in Nov. 2003. Credit: Jim Fakatselis
Everyone knows that "the moon on the breast of new-fallen snow gives the luster of mid-day to objects below." That is, except during a lunar eclipse.
See for yourself on Dec. 21st, the first day of northern winter, when the full Moon passes almost dead-center through Earth's shadow. For 72 minutes of eerie totality, an amber light will play across the snows of North America, throwing landscapes into an unusual state of ruddy shadow.
The eclipse begins on Tuesday morning, Dec. 21st, at 1:33 am EST (Monday, Dec. 20th, at 10:33 pm PST).
At that time, Earth's shadow will appear as a dark-red bite at the edge of the lunar disk. It takes about an hour for the "bite" to expand and swallow the entire Moon. Totality commences at 02:41 am EST (11:41 pm PST) and lasts for 72 minutes.
If you're planning to dash out for only one quick look - it is December, after all - choose this moment: 03:17 am EST (17 minutes past midnight PST). That's when the Moon will be in deepest shadow, displaying the most fantastic shades of coppery red.

first to last bite, the eclipse favors observers in North America. The
entire event can be seen from all points on the continent. Credit: F.
Espenak, NASA/GSFC.
Why red?
A quick trip to the Moon provides the answer: Imagine yourself standing on a dusty lunar plain looking up at the sky. Overhead hangs Earth, nightside down, completely hiding the sun behind it. The eclipse is underway. You might expect Earth seen in this way to be utterly dark, but it's not. The rim of the planet is on fire! As you scan your eye around Earth's circumference, you're seeing every sunrise and every sunset in the world, all of them, all at once. This incredible light beams into the heart of Earth's shadow, filling it with a coppery glow and transforming the Moon into a great red orb.
Back on Earth, the shadowed Moon paints newly fallen snow with unfamiliar colors--not much luster, but lots of beauty.
Enjoy the show.
Provided by Science@NASA
Chris Tomlin - O, Come All Ye Faithful
Microsoft Security Bulletin Summary for December 2010
Published: December 14, 2010
Version: 1.0
This bulletin summary lists security bulletins released for December 2010.
With the release of the security bulletins for December 2010, this bulletin summary replaces the bulletin advance notification originally issued December 9, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
Microsoft is hosting a webcast to address customer questions on these bulletins on December 15, 2010, at 11:00 AM Pacific Time (US & Canada). Register now for the December Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Bulletin Information
Executive Summaries
The following table summarizes the security bulletins for this month in order of severity.
For details on affected software, see the next section, Affected Software and Download Locations.
| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
| --- | --- | --- | --- | --- |
| | Cumulative Security Update for Internet Explorer (2416400)<br>This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
| | Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)<br>This security update resolves several privately reported vulnerabilities in the Windows Open Type Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Remote Code Execution | Requires restart | Microsoft Windows |
| | Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)<br>This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | Elevation of Privilege | Requires restart | Microsoft Windows |
| | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)<br>This security update resolves a publicly disclosed vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | Remote Code Execution | May require restart | Microsoft Windows |
| | Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)<br>This security update resolves a publicly disclosed vulnerability in Windows Media Encoder. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | Remote Code Execution | May require restart | Microsoft Windows |
| | Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)<br>This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | Remote Code Execution | Requires restart | Microsoft Windows |
| | Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)<br>This security update resolves a publicly disclosed vulnerability in Windows Address Book. The vulnerability could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | Remote Code Execution | May require restart | Microsoft Windows |
| | Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)<br>This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. The vulnerability could allow remote code execution if a user opens an .ins or .isp file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | Remote Code Execution | May require restart | Microsoft Windows |
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. |
Elevation of Privilege |
Requires restart
Microsoft Windows
| |
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
This security update addresses a privately reported vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Elevation of Privilege |
Requires restart
Microsoft Windows
| |
Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Elevation of Privilege |
May require restart
Microsoft Windows
| |
Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability. |
Denial of Service |
Requires restart
Microsoft Windows
| |
Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Denial of Service |
Requires restart
Microsoft Windows
| |
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Remote Code Execution |
May require restart
Microsoft Office
| |
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007. |
Remote Code Execution |
May require restart
Microsoft SharePoint
| |
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
This security update resolves seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Remote Code Execution |
May require restart
Microsoft Office
| |
Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
Denial of Service |
May require restart
Microsoft Exchange
Exploitability Index
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of decreasing exploitability assessment level then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
How do I use this table?
Use this table to learn about the likelihood of functioning exploit code being released within 30 days of security bulletin release, for each of the security updates that you may need to install. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.
Bulletin ID | Vulnerability Title | CVE ID | Exploitability Index Assessment | Key Notes |
Size Value Heap Corruption in pubconv.dll Vulnerability
1 - Consistent exploit code likely
| ||
Heap Overrun in pubconv.dll Vulnerability
1 - Consistent exploit code likely
| ||
Internet Connection Signup Wizard Insecure Library Loading Vulnerability
1 - Consistent exploit code likely
This vulnerability has been disclosed publicly
| ||
Insecure Library Loading Vulnerability
1 - Consistent exploit code likely
This vulnerability has been disclosed publicly
| ||
Task Scheduler Vulnerability
1 - Consistent exploit code likely
This vulnerability is being exploited in the Internet ecosystem
| ||
HTML Object Memory Corruption Vulnerability
1 - Consistent exploit code likely
| ||
HTML Object Memory Corruption Vulnerability
1 - Consistent exploit code likely
| ||
HTML Element Memory Corruption Vulnerability
1 - Consistent exploit code likely
| ||
HTML Element Memory Corruption Vulnerability
1 - Consistent exploit code likely
| ||
Win32k Buffer Overflow Vulnerability
1 - Consistent exploit code likely
This vulnerability has been disclosed publicly
| ||
Win32k PFE Pointer Double Free Vulnerability
1 - Consistent exploit code likely
| ||
Win32k Cursor Linking Vulnerability
1 - Consistent exploit code likely
| ||
Win32k Memory Corruption Vulnerability
1 - Consistent exploit code likely
| ||
FlashPix Image Converter Buffer Overflow Vulnerability
1 - Consistent exploit code likely
| ||
OpenType Font Double Free Vulnerability
1 - Consistent exploit code likely
| ||
OpenType CMAP Table Vulnerability
1 - Consistent exploit code likely
| ||
Consent UI Impersonation Vulnerability
1 - Consistent exploit code likely
| ||
Uninitialized Memory Corruption Vulnerability
1 - Consistent exploit code likely
This vulnerability is currently being exploited in the Internet ecosystem
| ||
Kernel NDProxy Buffer Overflow Vulnerability
1 - Consistent exploit code likely
| ||
Malformed Request Code Execution Vulnerability
1 - Consistent exploit code likely
| ||
Insecure Library Loading Vulnerability
1 - Consistent exploit code likely
This vulnerability has been disclosed publicly
| ||
BranchCache Insecure Library Loading Vulnerability
1 - Consistent exploit code likely
| ||
Insecure Library Loading Vulnerability
1 - Consistent exploit code likely
This vulnerability has been disclosed publicly
| ||
Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability
2 - Inconsistent exploit code likely
| ||
Win32k Double Free Vulnerability
2 - Inconsistent exploit code likely
| ||
Win32k WriteAV Vulnerability
2 - Inconsistent exploit code likely
| ||
CGM Image Converter Buffer Overrun Vulnerability
2 - Inconsistent exploit code likely
| ||
PICT Image Converter Integer Overflow Vulnerability
2 - Inconsistent exploit code likely
| ||
TIFF Image Converter Heap Overflow Vulnerability
2 - Inconsistent exploit code likely
| ||
TIFF Image Converter Buffer Overflow Vulnerability
2 - Inconsistent exploit code likely
| ||
TIFF Image Converter Memory Corruption Vulnerability
2 - Inconsistent exploit code likely
| ||
FlashPix Image Converter Heap Corruption Vulnerability
2 - Inconsistent exploit code likely
| ||
Array Indexing Memory Corruption Vulnerability
2 - Inconsistent exploit code likely
| ||
OpenType Font Index Vulnerability
2 - Inconsistent exploit code likely
| ||
Netlogon RPC Null dereference DOS Vulnerability
3 – Functioning exploit code unlikely
This is a Denial of Service vulnerability only
| ||
Exchange Server Infinite Loop Vulnerability
3 – Functioning exploit code unlikely
This is a Denial of Service vulnerability only
| ||
Microsoft Publisher Memory Corruption Vulnerability
3 – Functioning exploit code unlikely
| ||
Hyper-V VMBus Vulnerability
3 – Functioning exploit code unlikely
This is a Denial of Service vulnerability only
Affected Software and Download Locations
The following tables list the bulletins in order of major software category and severity.
How do I use these tables?
Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation. If a software program or component is listed, then the available software update is hyperlinked and the severity rating of the software update is also listed.
Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system.
Notes for Windows Server 2008 and Windows Server 2008 R2
*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.
**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.
Note for MS10-093
[1]Windows Movie Maker 2.6 is an optional download that can be installed on the indicated operating systems.
Notes for MS10-105
[1]Customers using the indicated software also need to install the Microsoft Office update provided in MS10-087 to be protected from the vulnerabilities described in MS10-105.
[2]Severity ratings do not apply to this update because the vulnerabilities discussed in this bulletin do not affect this software. However, as a defense-in-depth measure to protect against any possible new vectors identified in the future, Microsoft recommends that customers of this software apply this security update.
Windows Operating System and Components
Windows XP | |||||||||||||
Bulletin Identifier
| |||||||||||||
Aggregate Severity Rating
| |||||||
Windows XP Service Pack 3
Windows XP Service Pack 3
(Important) |
Not applicable
Not applicable
Windows Media Encoder 9 x86
(Important) |
Not applicable
Windows XP Service Pack 3
(Important) |
Windows XP Service Pack 3
(Important) |
Windows XP Service Pack 3
(Important) |
Windows XP Service Pack 3
(Important) |
Not applicable
Not applicable
Not applicable
| |
Windows XP Professional x64 Edition Service Pack 2
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
| |||||||
Windows Server 2003 | |||||||||||||
Bulletin Identifier
| |||||||||||||
Aggregate Severity Rating
| ||||||||
Windows Server 2003 Service Pack 2
Windows Server 2003 Service Pack 2
(Important) |
Not applicable
Not applicable
Windows Media Encoder 9 x86
(Important) |
Not applicable
Windows Server 2003 Service Pack 2
(Important) |
Windows Server 2003 Service Pack 2
(Important) |
Windows Server 2003 Service Pack 2
(Important) |
Windows Server 2003 Service Pack 2
(Important) |
Not applicable
Windows Server 2003 Service Pack 2
(Important) |
Not applicable
| |
Windows Server 2003 x64 Edition Service Pack 2
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
| ||||||||
Windows Server 2003 with SP2 for Itanium-based Systems
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
| |||||||
Windows Vista | |||||||||||||
Bulletin Identifier
| |||||||||||||
Aggregate Severity Rating
| ||||||||
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Movie Maker 2.6[1]
(Important) |
Windows Media Encoder 9 x86
(Important) |
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
| ||||||
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Movie Maker 2.6[1]
(Important) |
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
| |||||||
Windows Server 2008 | |||||||||||||
Bulletin Identifier
| |||||||||||||
Aggregate Severity Rating
| ||||||||
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Not applicable
Windows Media Encoder 9 x86**
(Important) |
Not applicable
Not applicable
Not applicable
Not applicable
| |||||||
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Not applicable
Not applicable
Not applicable
Not applicable
| |||||||||
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 7
(Critical) |
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
| |||||
Windows 7 | |||||||||||||
Bulletin Identifier
| |||||||||||||
Aggregate Severity Rating
| |||||||
Windows 7 for 32-bit Systems
Internet Explorer 8
(Critical) |
Windows 7 for 32-bit Systems
(Critical) |
Windows 7 for 32-bit Systems
(Important) |
Not applicable
Not applicable
Windows 7 for 32-bit Systems
(Important) |
Windows 7 for 32-bit Systems
(Important) |
Not applicable
Windows 7 for 32-bit Systems
(Important) |
Not applicable
Windows 7 for 32-bit Systems
(Important) |
Not applicable
Not applicable
Windows 7 for x64-based Systems
Internet Explorer 8
(Critical) |
Windows 7 for x64-based Systems
(Critical) |
Windows 7 for x64-based Systems
(Important) |
Not applicable
Not applicable
Windows 7 for x64-based Systems
(Important) |
Windows 7 for x64-based Systems
(Important) |
Not applicable
Windows 7 for x64-based Systems
(Important) |
Not applicable
Windows 7 for x64-based Systems
(Important) |
Not applicable
Not applicable
Windows Server 2008 R2 | |||||||||||||
Bulletin Identifier
| |||||||||||||
Aggregate Severity Rating
| |||||||||
Windows Server 2008 R2 for x64-based Systems
Internet Explorer 8**
(Critical) |
Windows Server 2008 R2 for x64-based Systems*
(Critical) |
Windows Server 2008 R2 for x64-based Systems*
(Important) |
Not applicable
Not applicable
Windows Server 2008 R2 for x64-based Systems*
(Important) |
Windows Server 2008 R2 for x64-based Systems**
(Important) |
Not applicable
Windows Server 2008 R2 for x64-based Systems*
(Important) |
Not applicable
Windows Server 2008 R2 for x64-based Systems**
(Important) |
Windows Server 2008 R2 for x64-based Systems*
(Important) |
Windows Server 2008 R2 for x64-based Systems*
(Important) |
Windows Server 2008 R2 for Itanium-based Systems
Internet Explorer 8
(Critical) |
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
Not applicable
Microsoft Office Suites and Software
Microsoft Office Suites and Components | ||
Bulletin Identifier
| ||
Aggregate Severity Rating
| ||
Microsoft Office XP Service Pack 3
| ||
Microsoft Office 2003 Service Pack 3
| ||
Microsoft Office 2007 Service Pack 2
| ||
Microsoft Office 2010 (32-bit editions)
| ||
Microsoft Office 2010 (64-bit editions)
| ||
Other Office Software | ||
Bulletin Identifier
| ||
Aggregate Severity Rating
| |
Microsoft Office Converter Pack
Not applicable
| |
Microsoft Works 9
Not applicable
Microsoft Server Software
Microsoft SharePoint Server | ||
Bulletin Identifier
| ||
Aggregate Severity Rating
| |
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
Not applicable
| |
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
Not applicable
| |
Microsoft Exchange Server | ||
Bulletin Identifier
| ||
Aggregate Severity Rating
| |
Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
Not applicable
Detection and Deployment Tools and Guidance
Security Central
Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization. For more information see the TechNet Update Management Center. The TechNet Security Center provides additional information about security in Microsoft products. Consumers can visit Security At Home, where this information is also available by clicking "Latest Security Updates".
Security updates are available from Microsoft Update and Windows Update. Security updates are also available at the Microsoft Download Center. You can find them most easily by doing a keyword search for "security update".
For customers of Microsoft Office for Mac, Microsoft AutoUpdate for Mac can help keep your Microsoft software up to date. For more information about using Microsoft AutoUpdate for Mac, see Check for software updates automatically.
Finally, security updates can be downloaded from the Microsoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. By searching using the security bulletin number (such as, "MS07-036"), you can add all of the applicable updates to your basket (including different languages for an update), and download to the folder of your choosing. For more information about the Microsoft Update Catalog, see the Microsoft Update Catalog FAQ.
Detection and Deployment Guidance
Microsoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, see Microsoft Knowledge Base Article 961747.
Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For more information about MBSA, visit Microsoft Baseline Security Analyzer.
Windows Server Update Services
By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Microsoft Windows 2000 operating systems and later, Office XP and later, Exchange Server 2003, and SQL Server 2000 to Microsoft Windows 2000 and later operating systems.
For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services.
SystemCenter Configuration Manager 2007
Configuration Manager 2007 Software Update Management simplifies the complex task of delivering and managing updates to IT systems across the enterprise. With Configuration Manager 2007, IT administrators can deliver updates of Microsoft products to a variety of devices including desktops, laptops, servers, and mobile devices.
The automated vulnerability assessment in Configuration Manager 2007 discovers needs for updates and reports on recommended actions. The Software Update Management in Configuration Manager 2007 is built on Microsoft Windows Software Update Services (WSUS), a time-tested update infrastructure that is familiar to IT administrators worldwide. For more information about how administrators can use Configuration Manager 2007 to deploy updates, see Software Update Management. For more information about Configuration Manager, visit System Center Configuration Manager.
Systems Management Server 2003
Microsoft Systems Management Server (SMS) delivers a highly configurable enterprise solution for managing updates. By using SMS, administrators can identify Windows-based systems that require security updates and perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users.
Note System Management Server 2003 is out of mainstream support as of January 12, 2010. For more information on product lifecycles, visit . The next release of SMS, System Center Configuration Manager 2007, is now available; see the earlier section, SystemCenter Configuration Manager 2007.
For more information about how administrators can use SMS 2003 to deploy security updates, see Scenarios and Procedures for Microsoft Systems Management Server 2003: Software Distribution and Patch Management. For information about SMS, visit the Microsoft Systems Management Server TechCenter.
Note SMS uses the Microsoft Baseline Security Analyzer to provide broad support for security bulletin update detection and deployment. Some software updates may not be detected by these tools. Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems. For more information about this procedure, see Deploying Software Updates Using the SMS Software Distribution Feature. Some security updates require administrative rights following a restart of the system. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack) to install these updates.
Update Compatibility Evaluator and Application Compatibility Toolkit
Updates often write to the same files and registry settings required for your applications to run. This can trigger incompatibilities and increase the time it takes to deploy security updates. You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit.
The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.
Other Information
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For information about non-security releases on Windows Update and Microsoft Update, please see:
• Microsoft Knowledge Base Article 894199: Description of Software Update Services and Windows Server Update Services changes in content. Includes all Windows content.
• Updates from Past Months for Windows Server Update Services. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows.
Microsoft Active Protections Program (MAPP)
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
Security Strategies and Community
Update Management Strategies
Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates.
Obtaining Other Security Updates
Updates for other security issues are available from the following locations:
• Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security update".
• Updates for consumer platforms are available from Microsoft Update.
• You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
IT Pro Security Community
Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community.
Microsoft thanks the following for working with us to help protect customers:
• | Aniway of VeriSign iDefense Labs for reporting an issue described in MS10-090 |
• | Nicolas Joly of VUPEN Vulnerability Research Team for reporting an issue described in MS10-090 |
• | Stephen Fewer, working with TippingPoint's Zero Day Initiative, for reporting an issue described in MS10-090 |
• | Peter Vreugdenhil, working with TippingPoint's Zero Day Initiative, for reporting an issue described in MS10-090 |
• | Yosuke Hasegawa for working with us on an issue described in MS10-090 |
• | Jose Antonio Vazquez Gonzalez of VeriSign iDefense Labs for reporting an issue described in MS10-090 |
• | Marc Schoenefeld of the Red Hat Security Response Team, working with the Opera Security Team, for reporting an issue described in MS10-091 |
• | Marc Schoenefeld of the Red Hat Security Response Team for reporting an issue described in MS10-091 |
• | Paul-Kenji Cahier Furuya for reporting an issue described in MS10-091 |
• | Sergey Golovanov, Alexander Gostev, Maxim Golovkin, and Alexey Monastyrsky of Kaspersky Lab, and Vitaly Kiktenko and Alexander Saprykin of Design and Test Lab, for reporting an issue described in MS10-092 |
• | Liam O Murchu of Symantec for reporting an issue described in MS10-092 |
• | Alexandr Matrosov, Eugene Rodionov, Juraj Malcho and David Harley of ESET for reporting an issue described in MS10-092 |
• | Haifei Li of Fortinet's FortiGuard Labs for reporting an issue described in MS10-095 |
• | Simon Raner of ACROS Security for reporting an issue described in MS10-096 |
• | HD Moore of Rapid7 for reporting an issue described in MS10-096 |
• | Muhaimin Dzulfakar of NGS Software for reporting an issue described in MS10-096 |
• | Muhaimin Dzulfakar of NGS Software for reporting an issue described in MS10-097 |
• | Tarjei Mandt of Norman for reporting four issues described in MS10-098 |
• | Stéfan Le Berre of Sysdream for reporting an issue described in MS10-098 |
• | Honggang Ren of Fortinet's FortiGuard Labs for reporting an issue described in MS10-099 |
• | Cesar Cerrudo of Argeniss for reporting an issue described in MS10-100 |
• | Matthias Dieter Wallnöfer and Andrew Bartlett of The Samba Team for reporting an issue described in MS10-101 |
• | HP and techit for reporting an issue described in MS10-102 |
• | Chaouki Bekrar of VUPEN Vulnerability Research Team for reporting five issues described in MS10-103 |
• | Oleksandr Mirosh, working with TippingPoint's Zero Day Initiative, for reporting an issue described in MS10-104 |
• | Yamata Li of Palo Alto Networks for reporting two issues described in MS10-105 |
• | Alin Rad Pop of Secunia Research for reporting an issue described in MS10-105 |
• | Carsten Eiram of Secunia Research for reporting three issues described in MS10-105 |
• | Dyon Balding of Secunia Research for reporting two issues described in MS10-105 |
• | Oleksandr Mirosh, working with TippingPoint's Zero Day Initiative, for reporting an issue described in MS10-106 |
• | The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. |
• | Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support. |
• | International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support. |
The information provided in the Microsoft Knowledge Base is provided "as
is" without warranty of any kind. Microsoft disclaims all warranties,
either express or implied, including the warranties of merchantability
and fitness for a particular purpose. In no event shall Microsoft
Corporation or its suppliers be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business
profits or special damages, even if Microsoft Corporation or its
suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not
• | V1.0 (December 14, 2010): Bulletin Summary published. |
