11 Patches! So much for easing back into things after being on leave.
This month we have 4xCritical 6xImportant 1xModerate for our patching pleasure, all of which are detected via Microsoft Baseline Security Analyzer (MS BSA 2.1). A restart will be required.
| Bulletin | KB number | Description | Severity | Impact | Software |
|---|---|---|---|---|---|
| MS08-056 | 957699 | Vulnerability in Microsoft Office Could Allow Information Disclosure | Information Disclosure | Moderate | Microsoft Office. |
| MS08-057 | 956416 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Office |
| MS08-058 | 956390 | Cumulative Security Update for Internet Explorer | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
| MS08-059 | 956695 | Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Host Integration Server |
| MS08-060 | 957280 | Vulnerability in Active Directory Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS08-061 | 954211 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| MS08-062 | 953155 | Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Windows |
| MS08-063 | 957095 | Vulnerability in SMB Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Windows |
| MS08-064 | 956841 | Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege | Remote Code Execution | Important | Microsoft Windows |
| MS08-065 | 951071 | Vulnerability in Message Queuing Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Windows |
| MS08-066 | 956803 | Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| kill bit | 956391 | Cumulative Security Update of ActiveX Kill Bits | . | . | . |
For this month:
This month Microsoft released 11 bulletins which repair a total of 20 vulnerabilities. None of these vulnerabilities have been seen in in-the-wild attacks.
… Out of the 11 patches this month, only three of the vulnerabilities were related to file-format or client-side issues, three were elevation of privileges, and a surprising five were remote code execution of network protocols. Because of this, desktop and server administrators alike will likely spend a lot of time analyzing and patching their responsible network segments. … — eEye [5]
PATCH NOW:
LINKS:
[1.] October 2008 Monthly Bulletin Release (2008-Oct-14) [MS]
[2.] October Black Tuesday Overview (2008-Oct-14) [SANS]
[3.] Microsoft Security Bulletin Summary for October 2008 (2008-Oct-14) [MS]
[4.] Microsoft security updates for October 2008 (2008-Oct-14) [MS]
[5.] Microsoft Patch Disclosure – October 2008 (2008-Oct-14) [eEye]
