October Patch Tuesday is biggest ever

Stephen Withers
Wednesday, 14 October 2009 05:33

Business IT - Security

An Indexing Service vulnerability that could be exploited via a malicious web page to gain access to the system has been fixed in Windows 2000, XP, Server 2003. Vista, Windows 7 and Server 2008 are not affected.

Kernel vulnerabilities that can only be exploited by local users have been fixed in older versions of Windows. Windows 7 and Server 2008 R2 are not affected by these issues.

A vulnerability in the Local Security Authority subsystem could allow a denial of service attack. This bulletin relates to Windows XP, Server 2003,  Vista, Server 2008, Windows 7, and Server 2008 R2.

As for Office, a single bulletin concerns ActiveX controls that were built using a vulnerable version of the Active Template Library. Office XP, 2003 and 2007 are all affected, and the issue is regarded as critical on all three versions. The various Visio viewers are similarly affected.

Other software that may require updating in relation to this month's bulletins includes various versions of SQL Server, Silverlight, Visual Studio, Report Viewer, and Forefront Client Security.

Microsoft has also released the customary updates for the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter, along with a cumulative update for Media Center for Vista, a reliability update for Windows 7 and Windows Server 2008 R2, and a cumulative update for Media Center TVPack for Vista.

Between September's and October's Patch Tuesdays, Microsoft released a root certificate update for XP, an update for Windows Home Server, the System Update Readiness Tool for Vista and Server 2008, a pair of application compatibility updates for Windows 7 and Server 2008 R2, and a new installation of Internet Explorer 8 for XP systems using Language Interface Packs.