The official corporate security response blog
@MSFTSecResponse
How to Report a Vulnerability to the MSRC
Hello,
Today we published the October 2010 Security Bulleting webcast Questions & Answers page. The October release included 16 security updates, four rated Critical, ten rated Important, and two rated Moderate to address 49 vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Internet Explorer, and Microsoft .NET Framework.
We invite our customers to join us for the next public webcast on Wednesday, November 10 @11AM PST when we will go into detail about the November bulletin release and answer questions live on the air.
Customers can register to attend at the link below:
Date: Wednesday, November 10, 2010 Time: 11:00 a.m. PST (UTC -8) Register: Attendee Registration
Date: Wednesday, November 10, 2010
Time: 11:00 a.m. PST (UTC -8) Register: Attendee Registration
Thanks!
Jerry BryantGroup Manager, Response Communications
Hello -
Today, as part of our regular monthly security bulletin release process, we are releasing 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework. This release represents our commitment to provide predictable, high-quality updates as part of the service our customers get when they buy Microsoft products.
Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office. This month we also have a few bulletins originating from product groups that we don't see on a regular basis. For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework. It's worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating. Further, three of the bulletins account for 34 of the total vulnerabilities.
Below is the aggregate risk and impact for October and the overall deployment priority information to further aid in prioritization:
The video below provides additional viewpoints on the priority bulletins and explains why each should be at the top of your list to install:
Our Security Research & Defense team has written blog posts to provide further technical details on the bulletins. Also of note, MS10-073 contains an update (rated Important) that addresses a local Elevation of Privilege as part of the two additional Stuxnet related elevate privilege vulnerabilities we announced in September. The second and final issue will be addressed in an upcoming bulletin.
Tomorrow, please join Jerry Bryant, group manager, Response Communications, and special guest Jonathan Ness, principle security SDE lead, from the Security Research & Defense team for a webcast where they will go into details on this month's release. We will also have a room full of subject matter experts standing by to help answer all of your questions during the session. You can register here:
Date: Wednesday, October 13, 2010Time: 11:00 a.m. PDT (UTC -7) Register: Attendee Registration
Thanks,
Carlene Chmaj
Security Response Senior Communications Manager
Follow us on Twitter: @MSFTSecResponse
As part of our predictable monthly update process, we have released our Advance Notification Service (ANS) for the October Security Bulletins, which are scheduled for release Tuesday, October 12, 2010. ANS is a service that only Microsoft provides to assist customers in planning for the upcoming security bulletin release.
This month as part of our predictable security update process we are releasing 16 comprehensive bulletins addressing 49 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and the .NET Framework. Four of the bulletins carry a Critical rating, ten are Important and two are Moderate.
We recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins.
Next Wednesday, October 13, 2010, Jerry Bryant, group manager, Response Communications, and special guest Jonathan Ness, principle security SDE lead, from the Security Research & Defense team, will host a public webcast where they will go into details about the bulletins, and answer questions live on the air.
Register for this webcast in advance:
We highly recommend that customers register for our comprehensive alerts if you have not done so already. Sign up here: Microsoft Technical Security Notifications.