November 2010 Security Bulletin Release

News

News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Location
Chicago, IL
Hello all. As part of our usual cycle of monthly updates, todayMicrosoft is releasing three security bulletins, addressing 11 vulnerabilities.One of the bulletins has a Critical severity rating, while the other two arerated Important. Recapping the trio:

  • Link Removed due to 404 Error This bulletin resolves five issues affectingall currently supported Microsoft Office products. The bulletin is rated Criticalfor Office 2007 and Office 2010 due to a preview pane vector in Outlook thatcould trigger the vulnerability when a customer views a specially crafted maliciousRTF (Rich Text Format) file. The update also addresses an Office vectorfor the vulnerability described in Link Removed due to 404 Error, which has beenreferred to as "DLL Preloading" and "Binary planting." MS10-087 is Microsoft's top prioritybulletin for deployment in November and has an Exploitability Index rating of 1.
  • Link Removed due to 404 Error This bulletinresolves two cooperatively disclosed vulnerabilities in Microsoft PowerPointthat could allow remote code execution if a user opens a specially crafted PowerPointfile. The overall severity rating is Important due to the user interactionrequired to open the malicious file and we give the bulletin a rating of 2 inour deployment priority assessment.
  • Link Removed due to 404 Error This bulletinresolves four cooperatively disclosed vulnerabilities in Unified Access Gateway(UAG), which is a component of Microsoft Forefront. The most significant ofthese could allow elevation of privilege if a user clicks on a malicious linkon a website. This update is offered through the Microsoft Download Center andis not available through Microsoft Update at this time. With an overall severityrating of Important and user interaction required to exploit, we also give thisa deployment priority of 2.
We are not aware of any active attacks seeking to exploit thevulnerabilities addressed in this month's release. Please see the video below foradditional information on the November bulletins:







As always, we recommend that customers deploy all security updatesas soon as possible. To further assist customers in their deployment planning,here is an aggregate view of risk and impact and our deployment priorityguidance (click for larger view):





Link Removed due to 404 Error

Our Security Research & Defense (SRD)team takes a closer look at some of the issues raised by this month's round ofbulletins today on itsblog.

More information about thesecurity updates can be found on the Microsoft Security Bulletin summary Link Removed due to 404 Error. Our ExploitabilityIndex provides additional information tohelp customers prioritize deployment of the monthly security bulletins.

Please join the monthly technicalwebcast to learn more about the November 2010 security bulletin release. Thewebcast is scheduled for Wednesday, November 10, 2010 at 11:00 a.m. PST (UTC -8).Registration is available Link Removed - Invalid URL.

Remember, you can follow the MSRC team forlate breaking news and updates on the threat landscape on Twitter at @MSFTSecResponse.

Thanks,

Jerry Bryant
Group Manager, Response Communications




Link Removed due to 404 Error

More...
 
You must log in or register to reply here.

Similar threads

Mike
  • Article
Windows 11 Windows 11 version 22H2 receives security update KB5023706 (OS Build 22621.1413)
Replies
0
Views
3K
Mike
Mike
News
Delivering Microsoft Edge WebView2 Runtime to managed Windows 10 devices
Replies
2
Views
3K
Cilicis1972
C
Mike
  • Article
A Comprehensive Guide to Using and Troubleshooting BitLocker on Windows 11
Replies
0
Views
3K
Mike
Mike
News
Announcing Windows 11 Insider Preview Build 25281
Replies
0
Views
2K
News
News
News
Inspired by challenges in your workday: latest innovations and updates from Microsoft Edge
Replies
0
Views
1K
News
News
Back
Top Bottom