This is Steve Adegbite. I am new to the MSRC Crew. I work with Simon and Tami to help manage Microsoft’s security update releases. I also help with Microsoft’s Partner outreach effort and the Microsoft Active Protections Program (MAPP).
So from time to time you will be hearing from me. For my first post, I want to go ahead and let you know about today’s update release. I also want let you know of the launch of the Microsoft Active Protections Program (MAPP) and Exploitability Index.
First, let’s look at this month’s release news.
The October 2008 release includes 11 new Bulletins, and a Killbit Advisory. Four have a maximum severity rating of critical.
Six have a maximum severity rating of important. One has a maximum severity rating of moderate. One is an advisory.
The security bulletins are as follows:
MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
MS08-058 Cumulative Security Update for Internet Explorer (956390)
MS08-059 Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
MS08-060 Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
MS08-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
MS08-062 Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095)
MS08-064 Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Advisory 956391 Cumulative Security Update of ActiveX Kill Bits
For a deeper look at some of the issues behind these bulletins, please visit our Security Vulnerability Research and Defense blog.
Much thanks to Simon for collecting and getting this data together for me.
This month also marks the official release of the Microsoft active Protections Program (MAPP) and the Exploitability Index. MAPP is a program created to help security software providers in the effort to protect customers before a security update is available.
Exploitability Index is way to provide more information to aid customers in their risk management process. For more information on these program check out the ecostrat blog , Microsoft’s Blackhat press material and the MAPP website.
Please join us for the regular monthly security bulletin webcast, Wednesday October 15, 11:00 PDT (GMT -7). We’ll have an overview of the October bulletins, and you’ll have the opportunity to ask us questions around the release.
*This posting is provided “AS IS” with no warranties, and confers no rights.*