The Security Pub

Random Thoughts About Security

Microsoft Security Patches for April

April's Patch Tuesday brings a staggering 17 security bulletins (nine of which carry Microsoft's highest severity rating of "critical"), addressing 64 security vulnerabilities. The affected software includes Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio and the .NET Framework.

One of the vulnerabilities fixed is the MHTML rendering flaw that was disclosed earlier this year. Internet Explorer was one of the products found to be at risk from the zero-day vulnerability, which could allow a maliciously crafted webpage to inject script that runs in a different security zone from the one the content was actually loaded in.

Bulletin Summary

| Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software* |
|---|---|---|---|---|
| Bulletin 1 | Critical | Remote Code Execution | Requires restart | Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 2 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 3 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 4 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 5 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 6 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office XP. |
| Bulletin 7 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 8 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 9 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 10 | Important | Remote Code Execution | May require restart | Microsoft Excel 2002, Excel 2003, Excel 2007, Excel 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. |
| Bulletin 11 | Important | Remote Code Execution | May require restart | Microsoft PowerPoint 2002, PowerPoint 2003, PowerPoint 2007, PowerPoint 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, PowerPoint Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and PowerPoint Web App. |
| Bulletin 12 | Important | Remote Code Execution | May require restart | Microsoft Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac. |
| Bulletin 13 | Important | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 14 | Important | Remote Code Execution | May require restart | Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010, Visual C++ 2005 SP1 Redistributable Package, Visual C++ 2008 SP1 Redistributable Package, and Visual C++ 2010 Redistributable Package. |
| Bulletin 15 | Important | Information Disclosure | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 16 | Important | Remote Code Execution | May require restart | Microsoft Windows XP and Windows Server 2003. |
| Bulletin 17 | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |

* The list of affected software in the summary table is an abstract. To see the full list of affected components, follow the "Advance Notification Webpage" link below and review the "Affected Software" section.

Further information on the patches can be found in the advance notice that Microsoft has published on its website.
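What the summary table leaves open is which of these bulletins actually landed on a given host and whether the host still owes the restart the table flags. The PowerShell script below is an added example, not code from the original post or from Microsoft: it compares the installed hotfix list against a set of expected KB numbers and checks the markers Windows leaves behind when a restart is pending. It assumes PowerShell 3.0 or later and an elevated session, and the KB numbers in it are placeholders that you would replace with the ones listed in each bulletin.

```powershell
# Added example, not part of the original post. The KB numbers in $ExpectedKB
# are placeholders (assumption); take the real ones from each bulletin.

function Get-PendingRebootState {
    # Markers Windows leaves behind when an installed update still needs a
    # restart. The CBS key exists on Vista and later only; the Windows Update
    # marker and PendingFileRenameOperations also cover XP / Server 2003.
    $evidence = @()
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $evidence += $k }
    }
    $sm = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
                           -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) {
        $evidence += 'Session Manager\PendingFileRenameOperations'
    }
    [pscustomobject]@{
        RebootPending = ($evidence.Count -gt 0)
        Evidence      = $evidence
    }
}

function Test-ExpectedHotFixes {
    param(
        [Parameter(Mandatory)] [string[]] $ExpectedKB,
        [string] $ComputerName = $env:COMPUTERNAME
    )
    # Get-HotFix reads Win32_QuickFixEngineering, which records Windows and
    # Internet Explorer updates but not Office updates (bulletins 10 to 12 in
    # the table above); verify those through Office or WSUS reporting instead.
    $installed = Get-HotFix -ComputerName $ComputerName |
                 Select-Object -ExpandProperty HotFixID
    foreach ($kb in $ExpectedKB) {
        [pscustomobject]@{
            Computer  = $ComputerName
            KB        = $kb
            Installed = [bool]($installed -contains $kb)
        }
    }
}

# Placeholder KB numbers (assumption): replace with the real ones.
$ExpectedKB = @('KB0000001', 'KB0000002')

$status  = Test-ExpectedHotFixes -ExpectedKB $ExpectedKB
$missing = @($status | Where-Object { -not $_.Installed })
$reboot  = Get-PendingRebootState

$status | Format-Table -AutoSize
if ($missing.Count -gt 0) {
    $names = ($missing | ForEach-Object { $_.KB }) -join ', '
    Write-Warning ("Missing {0} update(s): {1}" -f $missing.Count, $names)
}
if ($reboot.RebootPending) {
    Write-Warning ("Restart pending ({0})" -f ($reboot.Evidence -join '; '))
}
```

Run it on each host after the deployment window, or pass -ComputerName to Test-ExpectedHotFixes to query a remote machine over WMI. A host that reports every KB installed but still has a pending restart has not yet got the fix for the "Requires restart" bulletins loaded into the running kernel and services, so treat it as unpatched until it has been rebooted.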

Microsoft Patchday ahead

The Redmond company today announced that it plans to release 12 security bulletins on the upcoming Patch Tuesday. The corresponding updates close 22 security holes in the Windows operating systems, Internet Explorer and Microsoft Office. Three of the bulletins cover critical-rated vulnerabilities and the rest are rated important. Be prepared to test and roll out the updates as soon as possible: five of the bulletins deal with vulnerabilities that allow attackers to execute code remotely on affected computers.

According to a blog post in Microsoft’s Security Response Center, the February Patchday updates will fix the MHTML processing vulnerability as well as the thumbnail rendering security hole.

Microsoft to Patch 13 Security Holes in Windows, Office

Microsoft is planning another busy Patch Tuesday this month – with nine bulletins that tackle a total of 13 vulnerabilities ready for delivery next Tuesday (14 September).

According to Microsoft, the Office bulletins will cover security holes in Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007. It is likely these will include fixes for the DLL load hijacking (insecure library loading) attack vector that affects hundreds of Windows applications.

Seven of the nine bulletins address flaws that could lead to “remote code execution” attacks so it’s important for affected Windows users to pay close attention to this patch batch.
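The DLL load hijacking vector mentioned above exists because an application that asks for a library by bare name gets it resolved through the default search order, which includes the current working directory; an attacker who controls that directory (typically a remote share or WebDAV folder holding a document the victim opens) gets their own DLL loaded into the process. Individual applications are fixed by the bulletins, but Microsoft also shipped a machine-wide mitigation, the CWDIllegalInDllSearch registry value delivered with KB2264107 alongside Security Advisory 2269637. The PowerShell below is an added example, not code from the original post or from Microsoft, that reads and sets that value machine-wide or per executable; the function names are my own, and it assumes KB2264107 (or a later Windows release that includes it) is installed and that it runs from an elevated prompt.

```powershell
# Added example, not part of the original post. Manages the
# CWDIllegalInDllSearch mitigation from KB2264107 (Security Advisory 2269637).
#
# DWORD values the loader understands once KB2264107 is installed:
#   0xFFFFFFFF  remove the current working directory from the DLL search order
#   2           block DLL loads from the CWD only when it is a remote share or WebDAV location
#   1           block DLL loads from the CWD only when it is a WebDAV location
#   0 / absent  default search order (CWD is searched)

$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoRoot       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Resolve-CwdPolicyPath {
    param([string] $Executable)
    # Machine-wide value lives under Session Manager; a per-application
    # override uses the same value name under the binary's IFEO key.
    if ($Executable) { Join-Path $IfeoRoot $Executable } else { $SessionManager }
}

function Get-CwdDllSearchPolicy {
    param([string] $Executable)   # omit for the machine-wide setting
    $path = Resolve-CwdPolicyPath -Executable $Executable
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
    if ($null -eq $raw) { return $null }
    # The registry provider hands DWORDs back as signed Int32, so the
    # 0xFFFFFFFF setting reads as -1; reinterpret the bits as UInt32.
    [BitConverter]::ToUInt32([BitConverter]::GetBytes([int]$raw), 0)
}

function Set-CwdDllSearchPolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('RemoveCwd', 'BlockRemote', 'BlockWebDav', 'Default')]
        [string] $Mode,
        [string] $Executable
    )
    # Set-ItemProperty -Type DWord converts through Int32, so 0xFFFFFFFF
    # must be written as -1 to avoid an overflow error.
    $value = switch ($Mode) {
        'RemoveCwd'   { -1 }
        'BlockRemote' { 2 }
        'BlockWebDav' { 1 }
        'Default'     { 0 }
    }
    $path = Resolve-CwdPolicyPath -Executable $Executable
    if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -LiteralPath $path -Name CWDIllegalInDllSearch -Value $value -Type DWord
    Get-CwdDllSearchPolicy -Executable $Executable
}

# Usage (elevated prompt):
#   Get-CwdDllSearchPolicy                          # machine-wide value, $null if unset
#   Set-CwdDllSearchPolicy -Mode BlockRemote        # block CWD loads from shares and WebDAV
#   Set-CwdDllSearchPolicy -Mode RemoveCwd -Executable 'winword.exe'   # per-application
```

BlockRemote (value 2) is the setting that stops the remote-share scenario this advisory is about while leaving local CWD loading alone, so it is the one to roll out broadly first; RemoveCwd (0xFFFFFFFF) is stronger but breaks the minority of applications that genuinely load helper DLLs from the working directory, which is why the per-executable IFEO override exists. None of this replaces the application fixes: code that calls SetDllDirectory("") or loads libraries by full path is not exposed in the first place.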

Microsoft Patch Tuesday for June 2010

Microsoft is lining up a bumper load of 10 security bulletins covering 34 vulnerabilities for June’s Patch Tuesday release. Three of the 10 bulletins, due on 8 June, cover critical flaws, normally defined as security holes that might allow an attacker to take full control of the targeted machine. The other seven notices fall in the lesser category of important and deal with bugs in Windows and Office.

The June release is a large update and will keep system administrators busy, even if they have migrated to Windows 7 already, explained Wolfgang Kandek, CTO of Qualys.

Check out the article – [The Register]

MS Security Patches for December

Microsoft has issued a Security Bulletin Advance Notification indicating that its December release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Microsoft Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, December 8.

Source [US-CERT]

What's Coming in November's Microsoft Patch Tuesday?

Microsoft plans to release six security bulletins next Tuesday, November 10, to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks. According to Microsoft's advance notice for this month's Patch Tuesday, the updates will address gaping holes in the Windows operating system and the Microsoft Office productivity suite.

Here is the notice from Microsoft.

October Preview of Microsoft Patch Tuesday

So Microsoft is preparing for their biggest "Patch Tuesday" update ever next week. There are 13 bulletins collectively addressing 34 security vulnerabilities across a number of Microsoft products. Eight of the bulletins earned the classification of "Critical".

Two of these critical updates will address the recently discussed vulnerability in SMBv2 (Server Message Block, version 2) and a security vulnerability in the FTP component of Microsoft's IIS web server software.

Some of the other patches will address vulnerabilities in Internet Explorer, Office, Developer Tools and SQL Server. All versions of Windows will need updating, including Windows 7: even though the operating system doesn't ship until October 22nd, the RTM code needs patching to close the vulnerabilities in IE 8.

Here is the link to Microsoft’s Bulletin for October 2009