“Microsoft has announced that it has released four security bulletins to address five separate current vulnerabilities. Especially concerning this month is the fact that the three bulletins rated “critical” also rate a “1” on Microsoft’s exploitability index (with MS10-042 addressing a vulnerability that is actively being exploited.) Additionally, MS10-043 requires a reboot and affects Windows Server 2008 64-bit machines, which could be disruptive to some environments.
“MS10-042 and MS10-043 cover vulnerabilities in the Windows Help and Support Center and Canonical Display Driver, respectively, and are rated critical as the vulnerabilities addressed allow for remote code execution – typically the most-feared exploit type. MS10-043 could impact a large swath of Microsoft customers as it affects Windows 7 desktop users and Windows 2008 R2 servers, which are Microsoft’s most current desktop and server solutions. Given the active exploit code that has been circulated, MS10-043 should be prioritized in testing and deployments.
“MS10-044 and MS-045 affect Microsoft Office. While MS10-044 is rated critical, fortunately its impact will be limited to those organizations that have built or utilize applications and processes based on Microsoft Access. Although MS10-045 is only rated important, users are strongly encouraged to pay it attention as it addresses a vulnerability in Microsoft Outlook and remote-code-execution vulnerabilities in email clients should always be a concern for IT administrators.
“IT teams that have both Microsoft and Oracle in house are getting a double whammy this Patch Tuesday as Oracle is also releasing a very large security update that covers 59 vulnerabilities in hundreds of Oracle products. The list of affected products include: Oracle Databases 11g, 10g, and 9i; Oracle WebLogic Server; Oracle JRockit; Oracle E-Business Suite; and various PeopleSoft Enterprise products. Oracle is recommending that these patches be applied as soon as possible.”
