Skip to main content
MSRC

Month Archives: October 2010

Q&A from the October 2010 Security Bulletin Webcast

Monday, October 18, 2010

Hello, Today we published the October 2010 Security Bulleting webcast Questions & Answers page. The October release included 16 security updates, four rated Critical, ten rated Important, and two rated Moderate to address 49 vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Internet Explorer, and Microsoft .NET Framework. We invite our customers to join us for the next public webcast on Wednesday, November 10 @11AM PST when we will go into detail about the November bulletin release and answer questions live on the air.

Something Old, Something New, True Blue

Friday, October 15, 2010

This year marks the tenth BlueHat at Microsoft, and my sixth round in participating in the event that has been so instrumental in keeping Microsoft developers and executives in touch with the pulse of security research outside Microsoft, and serves as one of the key crossroads for the exchange of ideas from our internal security experts to the outside world.

BlueHat v10 Shipping!

Thursday, October 14, 2010

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here playing MC at the tenth edition (!!!) of the BlueHat Security Briefings on the Microsoft Campus in Redmond.

Assessing the risk of the October security updates

Tuesday, October 12, 2010

Today we released sixteen security bulletins. Four have a maximum severity rating of Critical, ten have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability Likely first 30 days impact Platform mitigations and key notes MS10-071 (IE) Victim browses to a malicious webpage.

MS10-086: Disk Clustering Vulnerability

Tuesday, October 12, 2010

This morning we released security bulletin MS10-086 to address a vulnerability in Windows failover disk clustering. Exposure to this vulnerability will only occur if Failover Clustering is installed. Failover Clustering is supported on Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Hyper-V, and Windows Server 2008 R2 Storage Server editions.

Note on Bulletin Severity for MS10-081 and MS10-074

Tuesday, October 12, 2010

Today we released MS10-081 (Important severity) and MS10-074 (Moderate severity), each providing an update for a single vulnerability. In this blog post we are going to cover some additional details on the severity of these vulnerabilities that may factor into how you prioritize the deployment of this month’s updates. Neither of the two vulnerabilities covered by MS10-081 and MS10-074 have attack vectors through Microsoft software.

October 2010 Security Bulletin Release

Monday, October 11, 2010

Hello - Today, as part of our regular monthly security bulletin release process, we are releasing 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework. This release represents our commitment to provide predictable, high-quality updates as part of the service our customers get when they buy Microsoft products.