This ‘Patch Tuesday’ for October 2010, sees the release of 16 bulletins addressing 49 vulnerabilities. All bulletins affect Windows; 4 carrying Critical severity rating.
The limited information available at this pre-release stage is as follows:
Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
Bulletin 1 | Critical Remote Code Execution |
Requires restart | Microsoft Windows, Internet Explorer |
Bulletin 2 | Critical Remote Code Execution |
May require restart | Microsoft Windows |
Bulletin 3 | Critical Remote Code Execution |
May require restart | Microsoft Windows |
Bulletin 4 | Critical Remote Code Execution |
May require restart | Microsoft Windows |
Bulletin 5 | Important Information Disclosure |
May require restart | Microsoft Server Software |
Bulletin 6 | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
Bulletin 7 | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
Bulletin 8 | Important Remote Code Execution |
May require restart | Microsoft Office |
Bulletin 9 | Important Remote Code Execution |
May require restart | Microsoft Office |
Bulletin 10 | Important Remote Code Execution |
Requires restart | Microsoft Windows |
Bulletin 11 | Important Remote Code Execution |
May require restart | Microsoft Windows |
Bulletin 12 | Important Remote Code Execution |
Requires restart | Microsoft Windows |
Bulletin 13 | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
Bulletin 14 | Important Denial of Service |
Requires restart | Microsoft Windows |
Bulletin 15 | Moderate Remote Code Execution |
May require restart | Microsoft Windows |
Bulletin 16 | Moderate Tampering |
Requires restart | Microsoft Windows |
In addition, September also saw the release of an out-of-band bulletin by Microsoft (MS10-070) which we issued guidance on last week and should be considered a critical update for .net based web services.
We will issue further information on the impact of this months updates once they have been released for testing early next week.
The ‘Microsoft Security Bulletin Advance Notification for October 2010’ page here should be referenced for detailed information on how these updates are to affect your servers or solutions when released on 12th October (as usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)
MC.