October 2009 Microsoft Security Bulletins

I was expecting a larger than normal patch deployment for October as this is a five-week cycle due to the day it fell on, so this month we have a LOT of patches going out.

| Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software* |
|---|---|---|---|---|
| Bulletin 1 | Critical | Remote Code Execution | Requires restart | Microsoft Windows Vista and Windows Server 2008 |
| Bulletin 2 | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| Bulletin 3 | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003 |
| Bulletin 4 | Important | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| Bulletin 5 | Critical | Remote Code Execution | Requires restart | Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| Bulletin 6 | Critical | Remote Code Execution | May require restart | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| Bulletin 7 | Important | Spoofing | Requires restart | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| Bulletin 8 | Important | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003 |
| Bulletin 9 | Important | Elevation of Privilege | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| Bulletin 10 | Important | Denial of Service | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| Bulletin 11 | Critical | Remote Code Execution | May require restart | Microsoft Office Outlook 2002, Outlook 2003, Outlook 2007, Visio Viewer 2002, Visio Viewer 2003, and Visio Viewer 2007 |
| Bulletin 12 | Critical | Remote Code Execution | May require restart | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and Microsoft Silverlight 2 |
| Bulletin 13 | Critical | Remote Code Execution | May require restart | Microsoft Windows, Microsoft Office, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront |

What does this mean to us that have to turn the handle? Probably a very large deployment package that needs to go out to all our DPs. If your secondaries are low on disk space, I'd suggest freeing some up in readiness for this month's deployment. Using my crystal ball, I can envision this deployment package being several hundred MB. Also, if you haven't already, then you should be looking at removing some of those old deployment packages (2007\2008), and rolling the non-superseded patches into a sustainer deployment package to whittle down the size of your existing deployment packages.

Check out the October Security Bulletin to get more information on these patches:

http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx