Hello Everyone!

 

This is Steve Adegbite. I am new to the MSRC Crew. I work with Simon and Tami to help manage Microsoft’s security update releases. I also help with Microsoft’s Partner outreach effort and the Microsoft Active Protections Program (MAPP).

 

So from time to time you will be hearing from me. For my first post, I want to go ahead and let you know about today’s update release. I also want let you know of the launch of the Microsoft Active Protections Program (MAPP) and Exploitability Index.

 

First, let’s look at this month’s release news.

 

The October 2008 release includes 11 new Bulletins, and a Killbit Advisory. Four have a maximum severity rating of critical.

 

Six have a maximum severity rating of important. One has a maximum severity rating of moderate. One is an advisory.

 

The security bulletins are as follows:

 

MS08-056                            Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

 

MS08-057                            Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

 

MS08-058                            Cumulative Security Update for Internet Explorer (956390)

 

MS08-059                            Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

 

MS08-060                            Vulnerability in Active Directory Could Allow Remote Code Execution (957280)

 

MS08-061                            Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)

 

MS08-062                            Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)

 

MS08-063                            Vulnerability in SMB Could Allow Remote Code Execution (957095)

 

MS08-064                            Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)

 

MS08-065                            Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

 

MS08-066                            Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)

 

Advisory 956391               Cumulative Security Update of ActiveX Kill Bits

 

For a deeper look at some of the issues behind these bulletins, please visit our Security Vulnerability Research and Defense blog.

 

Much thanks to Simon for collecting and getting this data together for me.

 

This month also marks the official release of the Microsoft active Protections Program (MAPP) and the Exploitability Index.  MAPP is a program created to help security software providers in the effort to protect customers before a security update is available.

 

Exploitability Index is way to provide more information to aid customers in their risk management process. For more information on these program check out the ecostrat blog , Microsoft's Blackhat  press material  and the MAPP website.

 

Please join us for the regular monthly security bulletin webcast, Wednesday October 15, 11:00 PDT (GMT -7). We'll have an overview of the October bulletins, and you'll have the opportunity to ask us questions around the release.

Cheers,

Steve

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*