Updates patch fresh round of security flaws

Oct 15, 2008 17:11 GMT

October 14 brought not only a new release in the Microsoft monthly patch cycle but also the introduction of a couple of new security initiatives from the Redmond company: the Microsoft Active Protections Program (MAPP) and the Exploitability Index. Microsoft has patched a fresh round of no fewer than 20 security vulnerabilities impacting a range of its products, including Windows Vista Service Pack 1 and Windows XP Service Pack 3. Almost a dozen security bulletins were issued, covering not only Vista SP1 and XP SP3, but also a variety of Internet Explorer, Office, Windows Server and Microsoft Host Integration Server versions. As of October 14, all the security bulletins have been released via Windows Update.

"The October 2008 release includes 11 new Bulletins," revealed Steve Adegbite, Microsoft security update releases manager. "Four have a maximum severity rating of critical. Six have a maximum severity rating of important. One has a maximum severity rating of moderate."

According to information provided by Microsoft, details on only one of the six vulnerabilities affecting Internet Explorer were made public ahead of the October patch release. Out of the remaining 19 security flaws, only eight have been tagged according to the Exploitability Index with the “Consistent exploit code likely” label. For four issues, functional exploit code is considered unlikely, while for seven other flaws, Microsoft considers that inconsistent exploit code is likely.

“This month also marks the official release of the Microsoft Active Protections Program (MAPP) and the Exploitability Index. MAPP is a program created to help security software providers in the effort to protect customers before a security update is available. Exploitability Index is a way to provide more information to aid customers in their risk management process,” Adegbite added.

Here are the security bulletins issued on October 14, 2008, according to Microsoft:

- MS08-056 - Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

- MS08-057 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

- MS08-058 - Cumulative Security Update for Internet Explorer (956390)

- MS08-059 - Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

- MS08-060 - Vulnerability in Active Directory Could Allow Remote Code Execution (957280)

- MS08-061 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)

- MS08-062 - Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)

- MS08-063 - Vulnerability in SMB Could Allow Remote Code Execution (957095)

- MS08-064 - Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)

- MS08-065 - Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

- MS08-066 - Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803).