14 DAY TRIAL // This October Microsoft has plugged a record number of security holes affecting a range of its products, with the patches now served to customers worldwide through Windows Update.
A total of 16 security bulletins were released on this month’s Patch Tuesday, designed to resolve almost 50 vulnerabilities, but despite the large volume of patches and vulnerabilities, only a very small number of security issues are actually considered Critical.
As is the case every month, customers are advised to deploy the October 2010 patches for Microsoft software as soon as possible, in order to ensure that their machines are safe from potential attacks, threats, exploits, etc.
“Bulletins this month address 49 vulnerabilities affecting Microsoft Office, Windows, Internet Explorer and the .NET Framework. Of note, only six of the 49 vulnerabilities are rated Critical,” revealed Jerry Bryant, group manager, response communications, Microsoft.
“This protection service is provided as part of Microsoft’s commitment to customer safety and as part of every Microsoft software purchase.
“As always, Microsoft encourages customers to test and deploy all updates as soon as possible to help prevent criminal attacks on their computers.” (watch this video for more info)
Of course, out of the total of 16 bulletins, there are patch packages that IT professionals and administrators need to consider a priority in terms of deployment.
Bryant made it clear that customers should prioritize the deployment of four security bulletins out of the total number of security updates released by the software giant this month.
“Critical Remote Code Execution – bulletins listed in order of deployment priority:
- MS10-071 addresses a vulnerability in Internet Explorer
- MS10-076 addresses a vulnerability in Open Type Font Engine in Windows
- MS10-077 addresses a vulnerability in .NET Framework
- MS10-075 addresses a vulnerability in Windows Media Player,” Bryant said.
Customers can also have a look at the graphics supplied by the Redmond company illustrating Deployment Priority and the Severity and Exploitability of security bulletins this month.
“Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office,” revealed Carlene Chmaj, Security Response Senior Communications Manager
“This month we also have a few bulletins originating from product groups that we don't see on a regular basis.
“For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework.
“It's worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating.”
Bryant offered the complete list of Microsoft October Security Bulletins, listed in order of deployment priority:
· MS10-071 (Cumulative update for Internet Explorer) addresses 11 vulnerabilities in Office, has a maximum security rating of Critical and an Exploitability Index rating of 1
· MS10-076 (Open Type Font Format EoP) addresses 1 vulnerability in Windows , has a maximum security rating of Critical and an Exploitability Index rating of 1
· MS10-077 (.NET Framework) addresses 1 vulnerability in the .NET Framework, has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-075 (Media Player) addresses 1 vulnerability in Windows, has a maximum security rating of Critical and an Exploitability Index rating of 1
· MS10-073 (Windows Kernel-Mode EoP) addresses 3 vulnerabilities in Windows has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-082 (Windows Media Player) addresses 1 vulnerability in Windows , has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-081 (Windows Common Control) addresses 1 vulnerability in Windows , has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-079 (Microsoft Word) addresses 11 vulnerabilities in Office has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-080 (Microsoft Excel) addresses 13 vulnerabilities in Office , has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-084 (Windows Local EoP) addresses 1 vulnerability in Windows, has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-078 (Embedded OpenType Font) addresses 2 vulnerabilities in Windows, has a maximum security rating of Critical and an Exploitability Index rating of 1
· MS10-083 (Windows Shell and WordPad) addresses 1 vulnerability in Windows, has a maximum security rating of Important and an Exploitability Index rating of 1
· MS10-072 (SafeHTML could allow Information Disclosure) addresses 2 vulnerabilities in Office , has a maximum security rating of important and an Exploitability Index rating of 3
· MS10-085 (SChannel Denial of Service) addresses 1 vulnerability in Windows , has a maximum security rating of Important and an Exploitability Index rating of 3
· MS10-074 (Microsoft Foundation Classes (MFC)) addresses 1 vulnerability in Windows , has a maximum security rating of Moderate and an Exploitability Index rating is not applicable
· MS10-086 (Windows Shared Cluster Disks) addresses 1 vulnerability in Windows , has a maximum security rating of Moderate and an Exploitability Index rating is not applicable.
