[Osiris]

Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities


It was always a mystery to me why Microsoft released security patches on one day only considering that an unpatched security vulnerability could be exploited easily in that time. The impression with all the announcements regarding the patches a week or so earlier is that Microsoft has (some of) the patches ready but is not releasing them because they release them in one package on one day.
Microsoft released a batch of eleven security patches for various operating systems and products yesterday which are available by visiting Windows Update or Microsoft Technet which contains in depths information about the affected products and the security vulnerabilities.
The patches fix four critical, six important and 1 moderate security vulnerability:

• Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
• Cumulative Security Update for Internet Explorer (956390)
• Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

• Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
• Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
• Vulnerability in SMB Could Allow Remote Code Execution (957095)
• Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
• Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

• Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

It is highly recommended to update the products as soon as possible to protect the system from this attacks.