October 2010 - Posts

Summary

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010.

Posted Thu, Oct 28 2010 14:05 by Don

What’s New in Firefox 3.6.12

Firefox 3.6.12 fixes a critical security issue that could potentially allow remote code execution.

Posted Wed, Oct 27 2010 19:13 by Don

Summary

The following bulletin has undergone a minor revision. Please see the appropriate bulletin for more details.

* MS10-077 - Critical

Bulletin Information:

* MS10-077 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx
- Reason for Revision: V1.2 (October 26, 2010): Revised this bulletin to announce a detection change to fix an installation issue. This is a detection change only. There were no changes to the security update. Customers who have already installed the update successfully do not need to reinstall.
- Originally posted: October 12, 2010
- Updated: October 26, 2010
- Bulletin Severity Rating: Critical
- Version: 1.2

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions.

http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html

Posted Wed, Oct 20 2010 18:13 by Don

What’s New in Firefox 3.6.11

Firefox 3.6.11 fixes the following issues found in previous versions of Firefox 3.6:

Please see the complete list of changes in this version. You may also be interested in the Firefox 3.6.10 release notes for a list of changes in the previous version.

Posted Wed, Oct 20 2010 18:10 by Don

Language(s): English.
Product(s): Security.
Audience(s): IT Decision Maker, IT Generalist.
Duration: 90 Minutes
Start Date:  Wednesday, October 13, 2010 11:00 AM Pacific Time (US & Canada)

Event Overview

Join us for a brief overview of the technical details of the October security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Jonathan Ness, Principal Security SDE Lead, MSRC, Microsoft Corporation

Posted Tue, Oct 12 2010 13:25 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···oct.mspx

Critical (4)

Microsoft Security Bulletin MS10-071
Cumulative Security Update for Internet Explorer (2360131)
»www.microsoft.com/technet/securi···071.mspx

Microsoft Security Bulletin MS10-075
Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
»www.microsoft.com/technet/securi···075.mspx

Microsoft Security Bulletin MS10-076
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
»www.microsoft.com/technet/securi···076.mspx

Microsoft Security Bulletin MS10-077
Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
»www.microsoft.com/technet/securi···077.mspx

Important (10)

Microsoft Security Bulletin MS10-072
Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
»www.microsoft.com/technet/securi···072.mspx

Microsoft Security Bulletin MS10-073
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
»www.microsoft.com/technet/securi···073.mspx

Microsoft Security Bulletin MS10-078
Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
»www.microsoft.com/technet/securi···078.mspx

Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
»www.microsoft.com/technet/securi···079.mspx

Microsoft Security Bulletin MS10-080
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
»www.microsoft.com/technet/securi···080.mspx

Microsoft Security Bulletin MS10-081
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
»www.microsoft.com/technet/securi···081.mspx

Microsoft Security Bulletin MS10-082
Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
»www.microsoft.com/technet/securi···082.mspx

Microsoft Security Bulletin MS10-083
Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
»www.microsoft.com/technet/securi···083.mspx

Microsoft Security Bulletin MS10-084
Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
»www.microsoft.com/technet/securi···084.mspx

Microsoft Security Bulletin MS10-085
Vulnerability in SChannel Could Allow Denial of Service (2207566)
»www.microsoft.com/technet/securi···085.mspx

Moderate (2)

Microsoft Security Bulletin MS10-074
Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
»www.microsoft.com/technet/securi···074.mspx

Microsoft Security Bulletin MS10-086
Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
»www.microsoft.com/technet/securi···086.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft Security Bulletin Advance Notification issued: October 7, 2010

This is an advance notification of 16 security bulletins that Microsoft is intending to release on October 12, 2010.

4 rated as Critical
10 rated as Important
2 rated as Moderate

http://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx