Microsoft have released 8 security bulletins covering 23 vulnerabilities for the October 2011 Patch Tuesday.
Microsoft’s advice this month is a bit confusing, but I will attempt to explain these bulletins to help you make decisions regarding their importance.
Two of the bulletins are rated critical. One impacts all supported versions of Internet Explorer (MS11-081) and could allow remote code execution if a user visits a specially crafted malicious webpage.
All eight vulnerabilities in IE were privately reported, but Microsoft is warning that the flaws are easily exploitable.
The second critical bulletin (MS11-078) affects Microsoft .NET and Silverlight. The flaw it addresses also allows remote code execution and was privately disclosed.
Microsoft warns it has a high exploitability index and impacts both endpoint computers with .NET/Silverlight installed and some IIS servers with ASP.NET.
Five of the remaining six bulletins are rated important, but also have a high exploitability index. Affected software includes Windows XP/2003/2008/Vista/7/2008R2, Windows Media Center and Forefront Unified Access Gateway.
The last bulletin affects Microsoft Host Integration Server and is rated important with a low exploitability index. This doesn’t mean this update should be ignored, but it is certainly a lower priority for deployment than the others.
I will stop writing now so you can start deploying these updates. Keep in mind that most attacks these days are not against zero-day vulnerabilities, but against things that are already patched. The sooner you can send out the patches, the safer you will be.
SophosLabs have rated the vulnerabilities in Windows, Media Center and .NET/Silverlight as high, Forefront and Internet Explorer as medium and Host Integration Server as low.
Updated my PC (both XP and Win7) and already notified my friends on Facebook and my followers on Twitter.
Note: reboot needed for both OSes
I have Windows XP and updates as well. I can only assume they are updating what I need to have.
I believe the updates that are offered to you are what you need to have. The plug-in (or applet if you use Windows 7 / Vista) scans the "PC" for what patches you need.
During today's update, malware, probably a rootkit, was installed on my Windows 7 laptop. This is the third time this year that my fully patched Windows computer gets infected during Windows update.
Maybe it's time we took the threat made by that "un-related-to-the-Iranian-government" certificate-hacker more seriously.
If you’re ever in doubt about the legitimacy of a UPS email be sure to contact UPS by phone prior to opening it – UPS Phone Number