Hello -
Today, as part of our regular monthly security bulletin release process, we are releasing 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework. This release represents our commitment to provide predictable, high-quality updates as part of the service our customers get when they buy Microsoft products.
Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office. This month we also have a few bulletins originating from product groups that we don't see on a regular basis. For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework. It's worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating. Further, three of the bulletins account for 34 of the total vulnerabilities.
Link Removed due to 404 Error
Link Removed due to 404 Error
Our Security Research & Defense team has written blog posts to provide further technical details on the bulletins. Also of note, MS10-073 contains an update (rated Important) that addresses a local Elevation of Privilege as part of the two additional Stuxnet related elevate privilege vulnerabilities we announced in September. The second and final issue will be addressed in an upcoming bulletin.
Tomorrow, please join Jerry Bryant, group manager, Response Communications, and special guest Jonathan Ness, principle security SDE lead, from the Security Research & Defense team for a webcast where they will go into details on this month's release. We will also have a room full of subject matter experts standing by to help answer all of your questions during the session. You can register here:
Date: Wednesday, October 13, 2010
Time: 11:00 a.m. PDT (UTC -7)
Register: Link Removed - Invalid URL
Thanks,
Carlene Chmaj
Security Response Senior Communications Manager
Follow us on Twitter: @MSFTSecResponse
Link Removed due to 404 Error
More...
Today, as part of our regular monthly security bulletin release process, we are releasing 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework. This release represents our commitment to provide predictable, high-quality updates as part of the service our customers get when they buy Microsoft products.
Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office. This month we also have a few bulletins originating from product groups that we don't see on a regular basis. For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework. It's worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating. Further, three of the bulletins account for 34 of the total vulnerabilities.
- Link Removed due to 404 Error (Critical) Cumulative Security Update for Internet Explorer. Note: Internet Explorer 8 is only affected by one RCE listed and IE 9 beta is not affected.
- Link Removed due to 404 Error (Critical) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution.
- Link Removed due to 404 Error (Critical) Vulnerability in .NET Framework Could Allow Remote Code Execution. Note: this affects .NET Framework 4.0.
- Link Removed due to 404 Error (Critical) Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution.
Link Removed due to 404 Error
Link Removed due to 404 Error
Our Security Research & Defense team has written blog posts to provide further technical details on the bulletins. Also of note, MS10-073 contains an update (rated Important) that addresses a local Elevation of Privilege as part of the two additional Stuxnet related elevate privilege vulnerabilities we announced in September. The second and final issue will be addressed in an upcoming bulletin.
Tomorrow, please join Jerry Bryant, group manager, Response Communications, and special guest Jonathan Ness, principle security SDE lead, from the Security Research & Defense team for a webcast where they will go into details on this month's release. We will also have a room full of subject matter experts standing by to help answer all of your questions during the session. You can register here:
Date: Wednesday, October 13, 2010
Time: 11:00 a.m. PDT (UTC -7)
Register: Link Removed - Invalid URL
Thanks,
Carlene Chmaj
Security Response Senior Communications Manager
Follow us on Twitter: @MSFTSecResponse
Link Removed due to 404 Error
More...
