[English readers: you can find English links in this post for your convenience]

Come vi ho già anticipato, Microsoft ha appena pubblicato 16 bollettini di sicurezza che correggono un totale di 49 vulnerabilità:

Indicazioni per utenti finali:

  • Assicuratevi di aver abilitato il meccanismo degli Aggiornamenti Automatici di Windows (consultate l’articolo 294871 se avete bisogno di chiarimenti) in modo da ricevere e installare automaticamente tutti gli aggiornamenti appena pubblicati che si applicano al vostro PC, senza alcuna necessità di intervento da parte dell’utente (a parte assecondare la necessità di un riavvio del sistema). 

Maggiori dettagli tecnici per professionisti IT:

Il riepilogo degli aggiornamenti è disponibile a questo link “Microsoft Security Bulletin Summary for October 2010”, mentre i singoli bollettini tecnici sono i seguenti:

Bulletin ID

Bulletin Title

Max Severity Rating

Vulnerability Impact

MS10-071

Cumulative Security Update for Internet Explorer (2360131)

Critical

Remote Code Execution

MS10-072

Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)

Important

Information Disclosure

MS10-073

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)

Important

Elevation of Privilege

MS10-074

Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)

Moderate

Remote Code Execution

MS10-075

Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)

Critical

Remote Code Execution

MS10-076

Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)

Critical

Remote Code Execution

MS10-077

Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)

Critical

Remote Code Execution

MS10-078

Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)

Important

Elevation of Privilege

MS10-079

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)

Important

Remote Code Execution

MS10-080

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)

Important

Remote Code Execution

MS10-081

Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)

Important

Remote Code Execution

MS10-082

Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)

Important

Remote Code Execution

MS10-083

Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)

Important

Remote Code Execution

MS10-084

Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)

Important

Elevation of Privilege

MS10-085

Vulnerability in SChannel Could Allow Denial of Service (2207566)

Important

Denial of Service

MS10-086

Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)

Moderate

Tampering

Lo strumento gratuito di rimozione di malware, il Malicious Software Removal Tool (MSRT), che viene mensilmente proposto agli utenti in questa occasione, questo mese aggiunge le seguenti famiglie di malware alla lista di rilevamento:

  • Win32/Zbot : Win32/Zbot is a family of password stealing trojans. Win32/Zbot also contains backdoor functionality that allows unauthorized access and control of an affected machine.

Feliciano

Other related posts/resources: