Microsoft has just announced the patches that are scheduled to be released for September – http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx The patches are scheduled to be released on September 14.
As has been the trend, the older operating systems (generally XP and Server 2003) have the larger number of applicable bulletins and also more often receive the critical classification.
There are nine bulletins that address thirteen vulnerabilities. Four of the bulletins are rated as critical and the remaining bulletins are classified as important.
The critical vulnerabilities apply to the following operating systems
Bulletin #1
Windows XP-SP3 –
Windows XP-SP2 64 bit
Bulletin #2
Windows Server 2003
Windows Server 2008 (base and SP2)
Windows Server 2008 (base and SP2) 64 bit
Windows XP-SP3 –
Windows XP-SP2 64 bit
Windows Vista SP1 and SP2
Windows Vista 64bit SP1 and SP2
Bulletin #3
Windows Server 2003
Windows Server 2008 (base and SP2)
Windows Server 2008 (base and SP2) 64 bit
Windows XP-SP3 –
Windows XP-SP2 64 bit
Windows Vista SP1 and SP2
Windows Vista 64bit SP1 and SP2
Please note, that none of the bulletins are classified as critical for Windows 7 or for Windows Server 2008 R2 operating systems. In fact, only three of the bulletins are applicable for these operating systems. Those three bulletins are: #1, #5 and #8.
Additionally, bulletins #6, #7 and #9 are not applicable for the Vista or Server 2008 operating systems.
Office products that have critical patches
Bulletin #4
Microsoft Outlook 2002 SP3 (component of Office XP)
Update – September 15
Everything I am reading http://isc.sans.edu/diary.html?storyid=9547 seems to indicate that patches MS10-61 and MS10-65 (the critical designation of MS10-65 applies to systems running IIS with fastCGI installed) should be applied NOW to Windows Server 2003 systems. The vulnerabilities that these patches address are currently being exploited. For that reason, the important classification assigned by Microsoft for MS10-65 has been elevated to critical by SANSs. Microsoft’s information on these can be found at – http://blogs.technet.com/b/msrc/default.aspx?ppud=4&wa=wsignin1.0/default.aspx
Bulletin MS10-61
http://www.microsoft.com/technet/security/Bulletin/MS10-061.mspx
Microsoft Security Bulletin MS10-061 – Critical
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
http://support.microsoft.com/kb/2347290
MS10-061: Vulnerability in Print Spooler Service could allow remote code execution
http://www.microsoft.com/downloads/en/details.aspx?familyid=93FABA6B-0A85-4ACC-B527-A012BBF56B13&displaylang=en
Security Update for Windows XP (KB2347290)
Overview
A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
Bulletin MS10-65
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
Microsoft Security Bulletin MS10-065 – Important
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
http://support.microsoft.com/kb/2267960
MS10-065: Vulnerabilities in Microsoft Internet Information Services (IIS) could allow remote code execution
http://www.microsoft.com/downloads/en/details.aspx?familyid=555864C3-9114-4988-8526-7BF545A27706&displaylang=en
Overview
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
http://www.microsoft.com/downloads/en/details.aspx?familyid=AE55787E-4A5C-48D5-AEDF-0ABADA514938&displaylang=en
Overview
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
Leave a Reply
You must be logged in to post a comment.