
Microsoft Security Bulletin October 2009

Acknowledgments Microsoft thanks the following for working with us to help protect customers: Haifei Li of Fortinet’s FortiGuard Global Security Research Team for reporting an issue described in MS09-009 Sean Larsson You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Critical Remote Code Execution Requires restart Microsoft Windows MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) This security update resolves three privately reported vulnerabilities in Windows Print Spooler.

An attacker could exploit the vulnerability by running a specially crafted application causing the system to restart. (CVE-2009-2517) Microsoft has released a security update that addresses these vulnerabilities by ensuring that Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Critical Remote Code Execution Requires restart Microsoft Windows MS09-011 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) This security update resolves a privately reported vulnerability in Microsoft DirectX. MS09-020 Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) CVE-2009-1535 1 - Consistent exploit code likely Public code is available for information disclosure.

MS09-014 Cumulative Security Update for Internet Explorer (963027) CVE-2009-0551 2 - Inconsistent exploit code likely (None) MS09-014 Cumulative Security Update for Internet Explorer (963027) CVE-2009-0552 3 - Functioning exploit code unlikely Mitigating factors for Cisco will continue to provide a service of separately assessing and, where necessary, validating higher severity security patches that may be relevant to the Cisco Contact Center and Self Service products. Security update MS09-054 was released as part of the October Security Bulletin Release cycle and protects against the vulnerabilities outlined in the bulletin. Detection and Deployment Guidance Microsoft has provided detection and deployment guidance for this month’s security updates.

The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Successful exploitation of this vulnerability requires an attacker and the user to perform a series of complex steps, which include saving specific files to the desktop. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation For details on affected software, see the next section, Affected Software and Download Locations.

Windows Operating System and Components Microsoft Windows 2000 Bulletin Identifier MS09-001 Aggregate Severity Rating Critical Microsoft Windows 2000 Service Pack 4 Microsoft Windows 2000 Service Pack 4 (Critical) Windows XP Bulletin SMS 2.0 users can also use the Software Updates Services Feature Pack to help deploy security updates. Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation.

Includes all Windows content. * Updates from Past Months for Windows Server Update Services. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index. Note for MS09-009 *For Microsoft Office Excel 2007 Service Pack 1, customers also need to install the security update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Microsoft rated this issue as Important for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.

Workarounds: 1) Modify NTFS file system permissions to disallow directory creation by FTP users. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. The eight Critical bulletins address vulnerabilities in Microsoft Developer Tools, Forefront, Internet Explorer, Office, Silverlight, SQL Server, and Windows. Revisions V1.0 (April 14, 2009): Bulletin Summary published.

Important Remote Code Execution Requires restart Microsoft Windows MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) This security update resolves several privately reported vulnerabilities in the Windows kernel. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Some software updates may not be detected by these tools. Use this table to learn about the likelihood of functioning exploit code being released within 30 days of security bulletin release, for each of the security updates that you may need For more information, see Microsoft Knowledge Base Article 913086. Impact: Successful exploitation of these vulnerabilities can allow an attacker to conduct privilege escalation attacks.

New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows. CUIS 7.5(3) Y CUIS 7.x components tested on Windows Server 2003 SP2. * Testing Disposition I: In Progress (indicating that testing is in progress and will be updated when complete) Y: The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs.

Microsoft ISA Server 2004 Standard Edition is also delivered as a component of Windows Small Business Server 2003 Enterprise Edition Service Pack 1 and Windows Small Business Server 2003 R2 Enterprise

The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. If a software program or component is listed, then the available software update is hyperlinked and the severity rating of the software update is also listed. Systems Management Server Microsoft Systems Management Server (SMS) delivers a highly-configurable enterprise solution for managing updates. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion

Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. Consumers can visit Security At Home, where this information is also available by clicking "Latest Security Updates". The TechNet Security Center provides additional information about security in Microsoft products. MS09-014 Cumulative Security Update for Internet Explorer (963027) CVE-2008-2540* 3 - Functioning exploit code unlikely Attack details have been made public, but no known attack vectors for this issue currently exist.

Enable Windows Authentication (specify Authentication Records). Customers who have successfully updated their systems do not need to reinstall this update. Microsoft Security Bulletin Summary for April 2009 Published: April 14, 2009 | Updated: April 16, 2009 Version: 1.1 This bulletin summary lists security bulletins released for April 2009.

This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, The vulnerability could allow remote code execution on systems running FTP Service on IIS 5.0, or denial of service on systems running FTP Service on IIS 5.1, IIS 6.0. (CVE-2009-3023) -

There is no charge for support that is associated with security updates. Code execution is not possible. The next release of SMS, System Center Configuration Manager 2007, is now available; see also System Center Configuration Manager 2007. Note for MS09-024 ***Microsoft Office Word 2003 is affected if a vulnerable Works converter is installed.