Author Topic: Microsoft Security Bulletin Advance Notification for October 2010  (Read 686 times)

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
For those who have their autoupdates turned off on their Windows XP / Vista / Windows 7 & other OS's

hope this helps  ( reference weblinks at bottom of the post )

Microsoft Security Bulletin Advance Notification for Tuesday October 12th, 2010

Microsoft TechNet Security

Posted Today, 02:26 PM

According to the Microsoft Security Response Center, Microsoft will issue 16 Security Bulletins addressing 49 vulnerabilities on Tuesday, October 12. It will also host a webcast to address customer questions the following day.

Four of the vulnerabilities are rated "Critical," 10 are marked "Important," and the last two are classified as "Moderate." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least eight of the 16 patches will require a restart.

The list of affected operating systems includes Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft Office XP, Office 2003, Office 2007, and Office 2010 are also being patched, as are the supported Mac versions: Office 2004 and Office 2008. Interestingly, Microsoft Office Web Apps is also included on the list; this is the first time we've seen it present.

Compared to last month's record Patch Tuesday, this one is massive. In fact, this is the highest number of bulletins Microsoft has ever released in one month, as well as the most vulnerabilities that are being fixed. The last record was just two months ago: 14 bulletins and 34 vulnerabilities. The exact breakdown of the bulletins follows:

        #            Rating                   Impact                                Affected software
        1          Critical           Remote Code Execution         IE6/7/8 on Windows XP/2003/Vista/2008/7/2008 R2
        2          Critical           Remote Code Execution         Windows Vista/7
        3          Critical           Remote Code Execution         Windows XP/2003/Vista/2008/7/2008 R2
        4          Critical           Remote Code Execution         32-bit unaffected: Windows XP/2003/Vista/2008/7/2008 R2
        5          Important       Information Disclosure           SharePoint Services 3.0/Server 2007/Foundation 2010
        6          Important       Elevation of Privilege             Windows XP/2003/Vista/2008/7/2008 R2
        7          Important       Elevation of Privilege             Windows XP/2003
        8          Important       Remote Code Execution         Office XP/2003/2007/2010, Office 2004/2008 for Mac
        9          Important       Remote Code Execution         Office XP/2003/2007, Office 2004/2008 for Mac
        10        Important       Remote Code Execution          Windows XP/2003/Vista/2008/7/2008 R2
        11        Important       Remote Code Execution          Itanium unaffected: Windows XP/2003/Vista/2008/7/2008 R2
        12        Important       Remote Code Execution          Windows XP/2003/Vista/2008/7/2008 R2
        13        Important       Elevation of Privilege              Windows XP/2003
        14        Important       Denial of Service                   Windows Vista/2008/7/2008 R2
        15        Moderate        Remote Code Execution          Windows XP/2003/Vista/2008/7/2008 R2
        16        Moderate        Tampering                            Windows Server 2008 R2

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

* One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
* One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
* An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

 This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches or to pull them as it deems necessary.


 View:
Original Article --->  Microsoft TechNet Security

http://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx

Secondary Reference ---->   arstechnica

http://arstechnica.com/microsoft/news/2010/10/october-2010-patch-tuesday-will-come-with-most-bulletins-ever.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

http://arstechnica.com/microsoft/
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline Denholm

  • Plutonium Member
  • *******
  • Posts: 9667
      • No. 603 Squadron
Re: Microsoft Security Bulletin Advance Notification for October 2010
« Reply #1 on: October 07, 2010, 10:45:36 PM »
Thanks for the heads up.
Get your Daily Dose of Flame!
FlameThink.com
No. 603 Squadron... Visit us on the web, if you dare.

Drug addicts are always disappointed after eating Pot Pies.

Offline Stoney

  • Gold Member
  • *****
  • Posts: 3482
Re: Microsoft Security Bulletin Advance Notification for October 2010
« Reply #2 on: October 14, 2010, 05:53:29 AM »
Did any of this affect MS Security Essentials?  My computer restarted overnight from an update, and now the MS Security Essentials is hung up on two autoupdate programs I have (googleupdate and my Quickbooks autoupdate) and I can't get it to just ignore them.  Unless I hit some sort of Trojan that screwed me up, and looks exactly like MS Security Essentials, I'm at a loss...
"Can we be incorrect at times, absolutely, but I do believe 15 years of experience does deserve a little more credence and respect than you have given from your very first post."

HiTech

Offline Stoney

  • Gold Member
  • *****
  • Posts: 3482
Re: Microsoft Security Bulletin Advance Notification for October 2010
« Reply #3 on: October 14, 2010, 06:45:13 AM »
Upon further review, looks like its a trojan of some sort.  (sigh)...  Have no problems for the last two years...oh well...  Looks like a fresh install is in my future...
"Can we be incorrect at times, absolutely, but I do believe 15 years of experience does deserve a little more credence and respect than you have given from your very first post."

HiTech