Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > 3901 - Microsoft October Update for Multiple Vulnerabilities

CSIRTUK advisories

3901 - Microsoft October Update for Multiple Vulnerabilities

ID: 3901
Date: 14/10/2009
Title: 3901 - Microsoft October Update for Multiple Vulnerabilities
Platform level affected:Operating System
Specific operating systems components affected: 32-bit Windows
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Microsoft
Applications affected:Windows, Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, Forefront
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Active
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Automated Patch
Source: US-CERT and Microsoft
Reliability of source: Trusted
Source URL: http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx
Abstract: Details of Microsoft's October software update concerning a number of vulnerabilities in various products.

                    National Cyber Alert System

              Technical Cyber Security Alert TA09-286A


Microsoft Updates for Multiple Vulnerabilities

   Original release date:
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows and Windows Server
     * Microsoft Internet Explorer
     * Microsoft Office
     * Microsoft .NET Framework
     * Microsoft Silverlight
     * Microsoft SQL Server
     * Microsoft Developer Tools
     * Microsoft Forefront


Overview

   Microsoft has released updates to address vulnerabilities in
   Microsoft Windows and Windows Server, Internet Explorer, Office,
   .NET Framework, Silverlight, SQL Server, Developer Tools, and
   Forefront.


I. Description

   Microsoft has released multiple security bulletins for critical
   vulnerabilities in Microsoft Windows and Windows Server, Internet
   Explorer, Office, .NET Framework, Silverlight, SQL Server,
   Developer Tools, and Forefront. These bulletins are described in
   the Microsoft Security Bulletin Summary for October 2009.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code,
   gain elevated privileges, or cause a vulnerable application to
   crash.


III. Solution

   Apply updates from Microsoft
  
   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for October 2009. The security
   bulletin describes any known issues related to the updates.
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. Administrators should consider using
   an automated update distribution system such as Windows Server
   Update Services (WSUS).


IV. References

 * Microsoft Security Bulletin Summary for October 2009 -
   <http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx>

 * Microsoft Windows Server Update Services -
   <http://technet.microsoft.com/en-us/wsus/default.aspx>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-286A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA09-286A Feedback VU#788021" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
 
  October 13, 2009: Initial release

 

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Wed, 14 Oct 2009 09:32:00 GMT
Domain affected: Technical
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |