Windows 7 dodged a vulnerability affecting older versions of Windows, as it does not feature the vulnerable components. In fact, neither Windows 7 nor Windows Server 2008 R2 are affected in their default configuration, but despite this, MS10-030 is also available for the latest iterations of the Windows client and server platforms from Microsoft, with a severity rating of Important.
“MS10-030 is a Window-based update resolving one vulnerability affecting Outlook Express, Windows Mail and Windows Live Mail. Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 all have an aggregate severity rating of Critical,” Carlene Chmaj
, senior communications manager, Response Communications, Microsoft, revealed for Softpedia.
As Windows 7 users already know, the operating system doesn’t come with any Windows Live Essentials clients, or Outlook releases installed out of the box. Customers need to download and deploy the vulnerable applications mentioned by Chmaj in order to make Windows 7 vulnerable to attacks. However, now that the patch is available from Microsoft, the security flaw is no longer an issue for those that make sure to implement the update as soon as possible.
“Security bulletin MS10-031 addresses one vulnerability in Microsoft Visual Basic for Applications (VBA). This security update is rated Critical for all supported versions of Microsoft VBA SDK 6.0 and third-party applications that use Microsoft VBA,” Chmaj added.
The patch provided by the Redmond company is designed to alter the manner in which VBA combs ActiveX Controls embedded in documents. This particular security bulletin comes with a rating of Important for Office XP, Office 2003 and the Office 2007. Office 2010 is obviously not affected by the vulnerability, and a patch is not offered for customers already running it.