It’s Microsoft Patch Tuesday! In the October edition there are 8 updates; three are marked "Critical" and five are rated "Important". A total of 24 vulnerabilities were fixed over 8 bulletins this month. One of the Critical update MS14-056 is an all version Internet Explorer (IE 6 to 11) patch. This single update resolves 14 CVE's (Common Vulnerability and Exposure).
Here is a list of Security bulletins which were rolled out in today's Patch Tuesday release.
Cumulative Security Update for Internet Explorer (2987107)
Vulnerability in ASP.NET MVC Could Allow Security Feature (2990942)
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Tracking Microsoft Vulnerability Patches 2014
As shown in the chart above, number of vulnerabilities which were patched this month is significantly low in comparison to last month. This Patch Tuesday turns out to be another IE dominated release just like previous two months. As we do every month, we’ve released a signature update #2429 to address vulnerabilities fixed in this month's patches.Happy patching!