October 2010 Patch Tuesday will come with most bulletins ever
According to the Microsoft Security Response Center, Microsoft will issue 16 Security Bulletins addressing 49 vulnerabilities on Tuesday, October 12. It will also host a webcast to address customer questions the following day.
Four of the bulletins are rated "Critical," 10 are marked "Important," and the last two are classified as "Moderate." All of the Critical bulletins earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an affected machine. At least eight of the 16 patches will require a restart.
The list of affected operating systems includes Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft Office XP, Office 2003, Office 2007, and Office 2010 are also being patched, as are the supported Mac versions: Office 2004 and Office 2008. Interestingly, Microsoft Office Web Apps is also included on the list; this is the first time we've seen it present.
Compared to last month's record Patch Tuesday, this one is massive. In fact, this is the highest number of bulletins Microsoft has ever released in one month, as well as the most vulnerabilities fixed in one month. The last record was just two months ago: 14 bulletins and 34 vulnerabilities. The exact breakdown of the bulletins follows:
# | Rating | Impact | Affected software
---|---|---|---
1 | Critical | Remote Code Execution | IE6/7/8 on Windows XP/2003/Vista/2008/7/2008 R2
2 | Critical | Remote Code Execution | Windows Vista/7
3 | Critical | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2
4 | Critical | Remote Code Execution | 32-bit unaffected: Windows XP/2003/Vista/2008/7/2008 R2
5 | Important | Information Disclosure | SharePoint Services 3.0/Server 2007/Foundation 2010
6 | Important | Elevation of Privilege | Windows XP/2003/Vista/2008/7/2008 R2
7 | Important | Elevation of Privilege | Windows XP/2003
8 | Important | Remote Code Execution | Office XP/2003/2007/2010, Office 2004/2008 for Mac
9 | Important | Remote Code Execution | Office XP/2003/2007, Office 2004/2008 for Mac
10 | Important | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2
11 | Important | Remote Code Execution | Itanium unaffected: Windows XP/2003/Vista/2008/7/2008 R2
12 | Important | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2
13 | Important | Elevation of Privilege | Windows XP/2003
14 | Important | Denial of Service | Windows Vista/2008/7/2008 R2
15 | Moderate | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2
16 | Moderate | Tampering | Windows Server 2008 R2
Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:
- One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
- One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
- An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center
- wong chee tat :)