Microsoft October 2011 Security Bulletin Release

Microsoft released eight (8) bulletins addressing vulnerabilities in Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server.  Two of the bulletins are rated Critical and six are rated Important

Note:  With the inclusion of .NET Framework updates, it is recommended that those updates be installed separately from the remaining updates.  This is due to issues many people experience when installing .NET Framework updates.  Shutdown/restart the computer to complete the installation.

Below are the Bulletins identified as Critical.  As noted above, it is recommended that MS11-078 be installed separately.

• MS11-081 (Internet Explorer): This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
  
• MS11-078 (.NET Framework & Silverlight): This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

.

Although the Executive Summaries indicate that some of the updates "may" require a restart, regardless of the recommendation, it is always best to restart your computer after applying updates.

Support

The following additional information is provided in the Security Bulletin:

• The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  
• Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
• International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

• MSRC: October Update Tuesday: Security Intelligence Report volume 11 announced
• TechNet: Microsoft Security Bulletin Summary for October 2011

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...