Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: TequilaChaser on October 07, 2010, 09:07:27 PM

Title: Microsoft Security Bulletin Advance Notification for October 2010
Post by: TequilaChaser on October 07, 2010, 09:07:27 PM

For those who have their autoupdates turned off on their Windows XP / Vista / Windows 7 & other OS's

hope this helps  ( reference weblinks at bottom of the post )

Microsoft Security Bulletin Advance Notification for Tuesday October 12th, 2010

Microsoft TechNet Security

Posted Today, 02:26 PM

According to the Microsoft Security Response Center, Microsoft will issue 16 Security Bulletins addressing 49 vulnerabilities on Tuesday, October 12. It will also host a webcast to address customer questions the following day.

Four of the vulnerabilities are rated "Critical," 10 are marked "Important," and the last two are classified as "Moderate." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least eight of the 16 patches will require a restart.

The list of affected operating systems includes Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft Office XP, Office 2003, Office 2007, and Office 2010 are also being patched, as are the supported Mac versions: Office 2004 and Office 2008. Interestingly, Microsoft Office Web Apps is also included on the list; this is the first time we've seen it present.

Compared to last month's record Patch Tuesday, this one is massive. In fact, this is the highest number of bulletins Microsoft has ever released in one month, as well as the most vulnerabilities that are being fixed. The last record was just two months ago: 14 bulletins and 34 vulnerabilities. The exact breakdown of the bulletins follows:

        #            Rating                   Impact                                Affected software
        1          Critical           Remote Code Execution         IE6/7/8 on Windows XP/2003/Vista/2008/7/2008 R2
        2          Critical           Remote Code Execution         Windows Vista/7
        3          Critical           Remote Code Execution         Windows XP/2003/Vista/2008/7/2008 R2
        4          Critical           Remote Code Execution         32-bit unaffected: Windows XP/2003/Vista/2008/7/2008 R2
        5          Important       Information Disclosure           SharePoint Services 3.0/Server 2007/Foundation 2010
        6          Important       Elevation of Privilege             Windows XP/2003/Vista/2008/7/2008 R2
        7          Important       Elevation of Privilege             Windows XP/2003
        8          Important       Remote Code Execution         Office XP/2003/2007/2010, Office 2004/2008 for Mac
        9          Important       Remote Code Execution         Office XP/2003/2007, Office 2004/2008 for Mac
        10        Important       Remote Code Execution          Windows XP/2003/Vista/2008/7/2008 R2
        11        Important       Remote Code Execution          Itanium unaffected: Windows XP/2003/Vista/2008/7/2008 R2
        12        Important       Remote Code Execution          Windows XP/2003/Vista/2008/7/2008 R2
        13        Important       Elevation of Privilege              Windows XP/2003
        14        Important       Denial of Service                   Windows Vista/2008/7/2008 R2
        15        Moderate        Remote Code Execution          Windows XP/2003/Vista/2008/7/2008 R2
        16        Moderate        Tampering                            Windows Server 2008 R2

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

* One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
* One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
* An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

 This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches or to pull them as it deems necessary.


 View:
Original Article --->  Microsoft TechNet Security

http://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx

Secondary Reference ---->   arstechnica

http://arstechnica.com/microsoft/news/2010/10/october-2010-patch-tuesday-will-come-with-most-bulletins-ever.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

http://arstechnica.com/microsoft/

Title: Re: Microsoft Security Bulletin Advance Notification for October 2010
Post by: Denholm on October 07, 2010, 10:45:36 PM

Thanks for the heads up.

Title: Re: Microsoft Security Bulletin Advance Notification for October 2010
Post by: Stoney on October 14, 2010, 05:53:29 AM

Did any of this affect MS Security Essentials?  My computer restarted overnight from an update, and now the MS Security Essentials is hung up on two autoupdate programs I have (googleupdate and my Quickbooks autoupdate) and I can't get it to just ignore them.  Unless I hit some sort of Trojan that screwed me up, and looks exactly like MS Security Essentials, I'm at a loss...

Title: Re: Microsoft Security Bulletin Advance Notification for October 2010
Post by: Stoney on October 14, 2010, 06:45:13 AM

Upon further review, looks like its a trojan of some sort.  (sigh)...  Have no problems for the last two years...oh well...  Looks like a fresh install is in my future...