Patch Tuesday: October, 2010: Gobs of Workstation Patches and Some Public; Web Hosters Beware of ASP.NET hole

Most of the 16 bulletins released this cycle are for workstations, as usual, but not all. For MS10-073, give attention first to XP workstations; all other supported versions do not have an attack vector at present. Running ASP.NET web sites, especially hosting other people's websites? Don't miss MS10-077: a custom ASP.NET page could allow someone to break out of their "sandbox" and attack the server.


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS10-077 (2160841) | Arbitrary code / .Net Framework | Workstations, Terminal Servers, Web Hosting Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch web hosting servers after accelerated testing. Patch others after normal testing. |
| MS10-085 (2207566) | Denial of service / Windows | Web Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS10-078 (2279986) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Server 2003 | Third party browsers also affected | Patch after testing |
| MS10-075 (2281679) | Arbitrary code / Windows Media Player | Workstations | No/No | Yes | Critical | Vista, Windows 7 | | Patch after testing |
| MS10-079 (2293194) | Arbitrary code / Office Word | Workstations, Terminal Servers | No/No | No | Important | Office 2003, Office 2007, Word Viewer, Office 2004 for Mac, Office 2008 for Mac, Office Converter Pack, Office 2002, Open XML Converter for MAC, Web Apps, Office 2010 | 11 vulnerabilities | Patch after testing |
| MS10-080 (2293211) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers | No/No | No | Important | Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Comp. Pack for Office 2007, Excel Viewer, Office 2002, Open XML Converter for MAC | 13 vulnerabilities | Patch after testing |
| MS10-086 (2294255) | Tampering / Windows | Servers | No/No | Yes | Moderate | Win2008 R2 | Restart Req'd | Patch after testing |
| MS10-081 (2296011) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS10-071 (2360131) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing |
| MS10-084 (2360937) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/No | No | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS10-082 (2378111) | Arbitrary code / Windows Media Player | Workstations, Terminal Servers | No/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS10-074 (2387149) | Arbitrary code / Windows | Workstations, Terminal Servers | Yes/No | No | Moderate | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS10-083 (2405882) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS10-072 (2412048) | Information disclosure / SafeHTML | Workstations, Terminal Servers | Yes/No | No | Important | SharePoint Services 3.0, SharePoint Foundation 2010, SharePoint Server 2007, Groove Server 2010, Web Apps | | Patch after testing |
| MS10-073 (981957) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/Yes | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS10-076 (982132) | Arbitrary code / EOT Font Engine | Workstations, Terminal Servers | No/No | Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |