1 reply to this topic

[AplusWebMaster]

FYI...

MS Security Bulletin Summary - September 2010
- http://www.microsoft...n/MS10-sep.mspx
September 14, 2010 - "This bulletin summary lists security bulletins released for September 2010... (Total of -9-)
• V2.0 (September 22, 2010): Raised the Exploitability Index assessment rating for CVE-2010-2738, lowered the Exploitability Index assessment rating for CVE-2010-2730, and revised the Exploitability Index key note for CVE-2010-0818.

Critical -4-

Microsoft Security Bulletin MS10-061 - Critical
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
- http://www.microsoft...n/ms10-061.mspx
Remote Code Execution - Requires restart - Microsoft Windows
- http://blogs.technet...nerability.aspx

Microsoft Security Bulletin MS10-062 - Critical
Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
- http://www.microsoft...n/MS10-062.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-063 - Critical
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
- http://www.microsoft...n/MS10-063.mspx
Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS10-064 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
- http://www.microsoft...n/ms10-064.mspx
Remote Code Execution - May require restart - Microsoft Office

Important -5-

Microsoft Security Bulletin MS10-065 - Important
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
- http://www.microsoft...n/MS10-065.mspx
Remote Code Execution - May require restart - Microsoft Windows
- http://blogs.technet...gi-handler.aspx

Microsoft Security Bulletin MS10-066 - Important
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
- http://www.microsoft...n/ms10-066.mspx
Remote Code Execution - Requires Restart - Microsoft Windows

Microsoft Security Bulletin MS10-067 - Important
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
- http://www.microsoft...n/MS10-067.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-068 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
- http://www.microsoft...n/MS10-068.mspx
Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-069 - Important
Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
- http://www.microsoft...n/MS10-069.mspx
Elevation of Privilege - Requires restart - Microsoft Windows
___

Severity and Exploitability index
- http://blogs.technet...-and-Impact.png

Deployment priority
- http://blogs.technet...rview-Final.png
___

ISC Analysis
- http://isc.sans.edu/...ml?storyid=9547
Last Updated: 2010-09-14 18:00:03 UTC
___

- http://secunia.com/advisories/41292/ - MS10-061
- http://secunia.com/advisories/41395/ - MS10-062
- http://secunia.com/advisories/41396/ - MS10-063
- http://secunia.com/advisories/34075/ - MS10-064
- http://secunia.com/advisories/41375/ - MS10-065
- http://secunia.com/advisories/41399/ - MS10-065
- http://secunia.com/advisories/41412/ - MS10-066
- http://secunia.com/advisories/41416/ - MS10-067
- http://secunia.com/advisories/41419/ - MS10-068
- http://secunia.com/advisories/41420/ - MS10-069
___

MSRT
- http://support.micro...om/?kbid=890830
September 14, 2010 - Revision: 78.0
(Recent additions)
- http://www.microsoft...e/families.aspx
... added this release...
• FakeCog
• Vobfus
- http://blogs.technet...on-fakecog.aspx

Download:
- http://www.microsoft...;displaylang=en
File Name: windows-kb890830-v3.11.exe
Version: 3.11
Date Published: 9/14/2010
To download the x64 version of MSRT, click here:
- http://www.microsoft...;displaylang=en
File Name: windows-kb890830-x64-v3.11.exe

.

Edited by AplusWebMaster, 28 September 2010 - 05:04 PM.

[AplusWebMaster]

FYI...

MS Security Bulletin Summary - September 2010
- http://www.microsoft...n/MS10-sep.mspx
• V4.0 (September 30, 2010): Revised this Bulletin Summary to announce that the updates for MS10-070 are now available through all distribution channels, including Windows Update and Microsoft Update. Also revised the details of updates KB2418240, KB2418241, KB2416470, and KB2416474 for MS10-070.
___

Microsoft Security Bulletin MS10-070 - Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
- http://www.microsoft...n/MS10-070.mspx
Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

- http://blogs.technet...band-today.aspx
28 Sep 2010 - "... The update will be made available initially only through the Microsoft Download Center* and then released through Windows Update and Windows Server Update Services within the next few days..."
* http://www.microsoft...en/default.aspx
10 results found (MS10-070)...

- http://weblogs.asp.n...-available.aspx
September 28, 2010 - "... What is the impact of applying the update to a live web-server?
If you apply the update to a live web-server, there will be some period of time when the web-server will be offline (although an OS reboot should not be required). You’ll want to schedule and coordinate your updates appropriately. Importantly – if your site or application is running across multiple web-servers in a web-farm, you’ll want to make sure the update is applied to all of the machines (and not just some of them)... Once the update is on Windows Update, you can simply run Windows Update on your computer/server and Windows Update will automatically choose the right update to download/apply based on what you have installed. If you download the updates directly from the Microsoft Download Center, then you need to manually select and download the appropriate updates..."

- http://isc.sans.edu/...ml?storyid=9625
Last Updated: 2010-09-28 18:37:49 UTC ...(Version: -4-)

Edited by AplusWebMaster, 01 October 2010 - 03:51 PM.