Microsoft Security Bulletin Summary For August 2009
For more information about the Microsoft Update Catalog, see the Microsoft Update Catalog FAQ.
Critical Remote Code Execution | Does not require restart | Microsoft Exchange Server
MS12-055 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847) This security update resolves one privately reported vulnerability in Microsoft Windows.
Critical Remote Code Execution | May require restart | Microsoft Windows
MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) This security update resolves a privately reported vulnerability in Windows Media Player.
This is because this vulnerability was first addressed in MS09-035.)
MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) | CVE-2009-2493 | None (This
The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. This documentation is archived and is not being maintained. For information about SMS, visit Microsoft Systems Management Server. You can find them most easily by doing a keyword search for "security update".
The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. The TechNet Security Center provides additional information about security in Microsoft products. For more information about how to deploy security updates using Windows Server Update Services, see the TechNet article, Windows Server Update Services.
For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Some security updates require administrative rights following a restart of the system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Other sources of Microsoft security updates are the Microsoft Download Center and the Microsoft Update Catalog.
Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software
MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) This security update resolves
Non-Security, High-Priority Updates on MU, WU, and WSUS
For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services
How do I use these tables?
Critical Remote Code Execution | May require restart | Microsoft Office
MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) This security update resolves three privately reported vulnerabilities in
You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment.
New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows.
For more information, see Microsoft Knowledge Base Article 913086. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. See also other software categories under this section, Affected Software and Download Locations, for more update files under the same bulletin identifier.
If a software program or component is listed, then the available software update is hyperlinked and the severity rating of the software update is also listed. International customers can receive support from their local Microsoft subsidiaries.
MS09-014 Cumulative Security Update for Internet Explorer (963027) | CVE-2008-2540* | 3 - Functioning exploit code unlikely | Attack details have been made public, but no known attack vectors for this issue currently exist.
MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) | CVE-2009-2500 | 2 - Inconsistent exploit code likely | (None)
MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) | CVE-2009-2501 | 2 - Inconsistent
This scenario could ultimately result in remote code execution on affected systems. With the release of the bulletins for November 2009, this bulletin summary replaces the bulletin advance notification originally issued November 5, 2009. Successful exploitation of this vulnerability requires an attacker and the user to perform a series of complex steps, which include saving specific files to the desktop.
The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or
Note You may have to install several security updates for a single vulnerability. For more information on this installation option, see Server Core.
SMS 2.0 users can also use the Software Updates Services Feature Pack to help deploy security updates.
For more information about MBSA, visit Microsoft Baseline Security Analyzer. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message.
Microsoft Security Bulletin Summary for April 2009
Published: April 14, 2009 | Updated: April 16, 2009
Version: 1.1
This bulletin summary lists security bulletins released for April 2009. For more information, see the entry in Frequently Asked Questions (FAQ) Related to This Security Update in MS09-059.
However, code execution is not possible. Some software updates may not be detected by these tools. Register now for the November security bulletin webcast.
for reporting two issues described in MS09-058
NSFocus Security Team for reporting an issue described in MS09-058
David Dewey of IBM ISS X-Force for reporting an issue described in MS09-060
Ryan
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation
Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems.
Critical Remote Code Execution | Requires restart | Microsoft Windows
Exploitability Index
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet.