Microsoft Security Bulletin Summary for September 14 and OOB 28 2010

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 14, 2010.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for September 14 and OOB 28, 2010

    Microsoft Security Bulletin Summary for September 14, 2010

    Microsoft Security Bulletin Summary for September 14 2010
    Published: September 14 2010


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:


    http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

    Critical (4)
    Microsoft Security Bulletin MS10-061
    Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
    http://www.microsoft.com/technet/security/bulletin/ms10-061.mspx


    Microsoft Security Bulletin MS10-062
    Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (97555:cool:
    http://www.microsoft.com/technet/security/bulletin/ms10-062.mspx


    Microsoft Security Bulletin MS10-063
    Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
    http://www.microsoft.com/technet/security/bulletin/ms10-063.mspx


    Microsoft Security Bulletin MS10-064
    Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
    http://www.microsoft.com/technet/security/bulletin/ms10-064.mspx

    Important (5)
    Microsoft Security Bulletin MS10-065
    Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
    http://www.microsoft.com/technet/security/bulletin/ms10-065.mspx


    Microsoft Security Bulletin MS10-066
    Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
    http://www.microsoft.com/technet/security/bulletin/ms10-066.mspx


    Microsoft Security Bulletin MS10-067
    Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
    http://www.microsoft.com/technet/security/bulletin/ms10-067.mspx


    Microsoft Security Bulletin MS10-068
    Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
    http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx


    Microsoft Security Bulletin MS10-069
    Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
    http://www.microsoft.com/technet/security/bulletin/ms10-069.mspx


    Moderate (0)



    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Re: Microsoft Security Bulletin Summary for September 14, 2010

    Microsoft® Windows® Malicious Software Removal Tool (KB890830)

    Version:3.11Date Published:9/14/2010

    New Additions
    We have added detection and cleaning capabilities for the following malicious software:

    Stuxnet
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Win32/Stuxnet

    CplLnk
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Win32/CplLnk

    Vobfus.A
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Worm:Win32/Vobfus.gen!A

    Vobfus.B
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Worm:Win32/Vobfus.gen!B

    Vobfus.C
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Worm:Win32/Vobfus.gen!C

    Vobfus!dll
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Worm:Win32/Vobfus!dll

    Worm:Win32/Sality.AU
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Worm:Win32/Sality.AU

    Virus:Win32/Sality.AU
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Virus:Win32/Sality.AU

    Trojan:WinNT/Sality
    http://go.microsoft.com/fwlink/?LinkId=37020&Name=Trojan:WinNT/Sality

    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Re: Microsoft Security Bulletin Summary for September 14, 2010

    TechNet Webcast: Information About Microsoft September Security Bulletins (Level 200)
    Event ID: 1032454433


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Decision Maker,IT Generalist.

    Duration: 90 Minutes
    Start Date: Wednesday, September 15, 2010 11:00 AM Pacific Time (US & Canada)
    Event Overview
    Join us for a brief overview of the technical details of the September security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

    Register now for the september security bulletin webcast.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Re: Microsoft Security Bulletin Summary for September 14, 2010

    Microsoft Security Bulletin MS10-050 - Important


    Microsoft Security Bulletin MS10-050 - Important
    Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
    Published: August 10, 2010 | Updated: September 15, 2010

    Revisions


    V1.0 (August 10, 2010): Bulletin published.


    V1.1 (August 11, 2010): Added a link to Microsoft Knowledge Base Article 981997 under Known Issues in the Executive Summary.


    V1.2 (September 15, 2010): Added a link to Microsoft Knowledge Base Article 981997 to provide an automated Microsoft Fix it solution for the workaround, Remove the Movie Maker .MSWMM file association.

    http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx?pubDate=2010-09-15
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Re: Microsoft Security Bulletin Summary for September 14, 2010

    Microsoft Security Advisory (241672:cool:
    Vulnerability in ASP.NET Could Allow Information Disclosure
    Published: September 17, 2010 | Updated: September 20, 2010

    Revisions
    • V1.0 (September 17, 2010): Advisory published.

    • V1.1 (September 20, 2010): Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround.

    http://www.microsoft.com/technet/security/advisory/2416728.mspx
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Re: Microsoft Security Bulletin Summary for September 14, 2010

    Microsoft Releases Security Advisory 2416728
    added September 20, 2010 at 03:15 pm | updated September 27, 2010 at 09:32 am

    Microsoft has released a security advisory to alert users of a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data.

    Revisions
    • V1.0 (September 17, 2010): Advisory published.

    • V1.1 (September 20, 2010): Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround.

    • V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should reapply all listed steps.

    https://www.microsoft.com/technet/security/advisory/2416728.mspx
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK


    MS Out-of-Band Security Bulletin Summary for september 28, 2010

    Microsoft Security Bulletin Summary for september 2010
    Published: september 28, 2010


    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/current.aspx

    Important (1)
    Microsoft Security Bulletin MS10-070 - Important
    Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
    Published: September 28, 2010
    http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx




    The security update is fully tested and ready for release, but will be made available initially only on the Microsoft Download Center. This enables us to get the update out as quickly as possible, allowing administrators with enterprise installations, or end users who want to install this security update manually, the ability to test and update their systems immediately. We strongly encourage these customers to visit the Download Center, download the update, test it in their environment and deploy it as soon as possible.

    http://www.microsoft.com/downloads/en/default.aspx
     
  9. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information about Microsoft’s September 2010 OOB Security Bulletin Release (Level 200)
    Event ID: 1032464130

    Language(s): English.
    Product(s): Security.
    Audience(s): IT Decision Maker,IT Generalist.


    Duration: 90 Minutes
    Start Date: Tuesday, September 28, 2010 1:00 PM Pacific Time (US & Canada)



    Event Overview
    Microsoft is releasing an Out-of-Band Security bulletin which addresses a security vulnerability in all supported editions of Windows. Please join us Tuesday, September 28 at 1:00 p.m. PDT (UTC -:cool: for a public webcast where we will present information on the bulletin and take customer questions.

    Presenter: Dave Forstrom, Director, Response Communications and Dustin Childs, Senior Security Manager



    Register now for the out of band september security bulletin webcast.
     
  10. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    please note that the download for the out of band security update is now available for all operating systems from the Microsoft windows update website

    Important (1)
    Microsoft Security Bulletin MS10-070 - Important
    Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
    Published: September 28, 2010
     

    Attached Files:

  11. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS10-070 - Important
    Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
    Published: September 28, 2010 | Updated: September 30, 2010


    Revisions
    • V1.0 (September 28, 2010): Bulletin published.

    • V2.0 (September 30, 2010): Revised this bulletin to announce that the updates are now available through all distribution channels, including Windows Update and Microsoft Update. Also added an update FAQ to describe additional clarifications and corrections to the bulletin.

    http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
     
  12. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 for x64-based Systems (KB2416473)

    Download size: 1.5 MB

    Article ID: 2416473 - Last Review: October 5, 2010 - Revision: 3.0

    You may need to restart your computer for this update to take effect.

    Update type: Important

    A security issue has been identified that could allow an attacker to compromise your Windows-based system that is running the Microsoft .NET Framework and gain access to information. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

    More information:
    http://go.microsoft.com/fwlink/?LinkId=202421

    Help and Support:
    http://support.microsoft.com
     
Loading...
Thread Status:
Not open for further replies.