Microsoft released nine (9) bulletins addressing 13 vulnerabilities affecting Windows, Internet Information Services (IIS), and Microsoft Office. Four of those bulletins carry a Critical rating, with the rest rated Important. All except two relate to Remote Code Execution.
It is worthwhile noting that due to security enhancements in both products, there are no critical bulletins for Windows 7 or Windows Server 2008 R2. In addition, the Office bulletin does not affect Office 2010.
Microsoft has also released two security advisories:
- Security Advisory 2401593, which describes a vulnerability affecting Outlook Web Access (OWA) that may affect Microsoft Exchange customers to gain elevation of privilege. An attacker who successfully exploited this vulnerability could hijack an authenticated OWA session.
- Security Advisory 973811, is an updated Advisory enabling Outlook Express and Windows Mail to opt in to Extended Protection for Authentication.
For complete details, see the references listed below.
- MSRC: September 2010 Security Bulletin Release
- TechNet: Microsoft Security Bulletin Summary for September 2010
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,