MVP Jubo Security Blog

The Blog

Recent Posts

Tags

News

  • Kim's Journal
    My wife's blog, the "alternative" truth...


    MVPs
    2003 - 2004 - 2005 - 2006 - 2007 - 2008 - 2009


    Jubo








    Locations of visitors to this page

Community

Email Notifications

MVP Sites

Microsoft Links

Blogs

Security Forums

Microsoft Blogs

Archives

Microsoft Security Bulletin Summary for October 2010

Microsoft just released the Security bulletin for October with a list of 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework.

Critical:

  • MS10-071 - Cumulative Security Update for Internet Explorer (2360131)
  • MS10-075 - Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
  • MS10-076 - Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
  • MS10-077 - Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)

Important:

  • MS10-072 - Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
  • MS10-073 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
  • MS10-078 - Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
  • MS10-079 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
  • MS10-080 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
  • MS10-081 - Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
  • MS10-082 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
  • MS10-083 - Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
  • MS10-084 - Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
  • MS10-085 - Vulnerability in SChannel Could Allow Denial of Service (2207566)

Moderate:

  • MS10-074 - Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
  • MS10-086 - Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security  website.

See also the MSRC blog: October 2010 Security Bulletin Release

If you do not have automatic updating turned on, or to check whether you need the update, go to Microsoft Update. Microsoft Update is an online tool that will scan your computer and provide you a report about what updates your computer needs.

More information is available at the website of Microsoft Security Response Center.

You know the drill: get your computer updated with these new patches. and yes, this time again from my favorite Starbucks in a surprisingly sunny Seattle. Have a wonderful day!