Partner Otaku

Microsoft Security Bulletin MS10-018 – Critical

Cumulative Security Update for Internet Explorer (980182)

Published: March 30, 2010

Version: 1.0

General Information

Executive Summary

This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6 Service Pack 1, Internet Explorer 6 on Windows clients, Internet Explorer 7, and Internet Explorer 8 on Windows clients. For Internet Explorer 6 on Windows servers, this update is rated Important. And for Internet Explorer 8 on Windows servers, this update is rated Moderate.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer verifies the origin of scripts and handles objects in memory, content using encoding strings, and long URL. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 981374. The vulnerability, CVE-2010-0806, does not affect Windows 7, Windows Server 2008 R2, or Internet Explorer 8.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

 

This alert is to provide you with an overview of the new security bulletin(s) being released on February 09, 2010. Security bulletins are released monthly to resolve critical problem vulnerabilities. We will also provide an overview of one new security advisory being released.

                                                                                  

New Security Bulletins

 

Microsoft is releasing the following 13 new security bulletins for newly discovered vulnerabilities:

 

Bulletin ID	Bulletin Title	Max Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software*
MS10-003	Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)	Important	Remote Code Execution	May require restart	Microsoft Office XP, Office 2004 for Mac.
MS10-004	Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)	Important	Remote Code Execution	May require restart	Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac.
MS10-005	Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)	Moderate	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
MS10-006	Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-007	Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
MS10-008	Cumulative Security Update of ActiveX Kill Bits (978262)	Critical	Remote Code Execution	May require restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-009	Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)	Critical	Remote Code Execution	Requires restart	Microsoft Windows Vista and Windows Server 2008.
MS10-010	Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)	Important	Denial of Service	Requires restart	Microsoft Windows Server 2008 and Windows Server 2008 R2.
MS10-011	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)	Important	Elevation of Privilege	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
MS10-012	Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)	Important	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-013	Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-014	Vulnerability in Kerberos Could Allow Denial of Service (977290)	Important	Denial of Service	Requires restart	Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008.
MS10-015	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)	Important	Elevation of Privilege	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.
* The list of affected software in the summary table is an abstract. To see the full list of affected components, including information on whether Server Core installations are affected, please visit the bulletin via the link in the left column and review the "Affected Software" section.

 

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx.

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

 

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

 

 

In addition to the new security bulletin, Microsoft is also releasing a new security advisory on February 09, 2010. Here is an overview:

 

Identifier	Vulnerability in TLS/SSL Could Allow Spoofing (977377)
Summary	Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer(SSL)protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.   As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues.   As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround is not intended for wide implementation and should be tested extensively prior to implementation.   Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, depending on customer needs.
Affected Software	·        Windows 2000 (All Supported Versions) ·        Windows XP (All Supported Versions) ·        Windows Server 2003 (All Supported Versions) ·        Windows Vista (All Supported Versions) ·        Windows Server 2008 (All Supported Versions) ·        Windows 7 (All Supported Versions) ·        Windows Server 2008 R2 (All Supported Versions)
Recommendations	Review Microsoft Security Advisory 977377 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.
Additional Resources	·        Microsoft Security Advisory 977377: http://www.microsoft.com/technet/security/advisory/977377.mspx ·        Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/ ·        Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/ ·        Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/

 

 

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft February Security Bulletins (Level 200)

Date: Wednesday, February 10, 2010, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032427679

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

 

Bulletin Identifier	Microsoft Security Bulletin MS10-003
Bulletin Title	Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.   The update addresses the vulnerability by modifying the way that Microsoft Office opens files.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Office XP and Microsoft Office 2004 for Mac.
Affected Software	Microsoft Office XP, Office 2004 for Mac.
Attack Vectors	·        A maliciously crafted Office document. ·        A maliciously crafted e-mail attachment.
Mitigating Factors	·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-062
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-004
Bulletin Title	Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Executive Summary	This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file.   The security update addresses the vulnerabilities by changing the way that Microsoft Office PowerPoint and Microsoft PowerPoint Viewer parse specially crafted PowerPoint files.
Severity Ratings	This security update is rated Important for supported editions of Microsoft Office PowerPoint 2002 and Microsoft Office PowerPoint 2003, and Microsoft Office 2004 for Mac.
Affected Software	Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac.
Attack Vectors	·        A maliciously crafted PowerPoint file. ·        A maliciously crafted e-mail attachment. ·        A maliciously crafted Web page.
Mitigating Factors	·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-017
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-005
Bulletin Title	Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint.   The security update addresses the vulnerability by modifying the way that Microsoft Paint decodes JPEG image files.
Severity Ratings	This security update is rated Moderate for Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors	·        A maliciously crafted image file. ·        A maliciously crafted e-mail attachment. ·        A maliciously crafted Web page.
Mitigating Factors	·        An attacker must convince the user to open the malicious file in Microsoft Paint. ·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message. ·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-005.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-006
Bulletin Title	Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Executive Summary	This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.   The security update addresses the vulnerabilities by correcting the manner in which the SMB client validates responses.
Severity Ratings	This security update is rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2, and is rated Important for Windows Vista and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	A specially crafted SMB response to a client-initiated SMB request.
Mitigating Factors	·        To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. ·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS06-030 and MS08-068.
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-006.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-007
Bulletin Title	Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.   The security update addresses the vulnerability by correcting the way that the ShellExecute API validates input parameters.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors	·        A maliciously crafted application ·        A maliciously crafted e-mail attachment ·        A maliciously crafted Web page
Mitigating Factors	Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-007.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-008
Bulletin Title	Cumulative Security Update of ActiveX Kill Bits (978262)
Executive Summary	This security update addresses a privately reported vulnerability that could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer. This update also includes kill bits for these four third-party ActiveX controls: ·        Symantec WinFax Pro 10.3 ·        Google Desktop Gadget v5.8 ·        Facebook Photo Updater 5.5.8 ·        Panda ActiveScan Installer 2.0   The security update addresses the vulnerability by setting a kill bit so that the vulnerable control does not run in Internet Explorer.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	A maliciously crafted Web page
Mitigating Factors	·        Users would have to be persuaded to visit a malicious Web site. ·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-055
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-008.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-009
Bulletin Title	Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
Executive Summary	This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled.   The security update addresses the vulnerabilities by changing the way Windows TCP/IP performs bounds checking and other packet handling operations.
Severity Ratings	This security update is rated Critical for Windows Vista and Windows Server 2008.
Affected Software	Microsoft Windows Vista and Windows Server 2008.
Attack Vectors	Maliciously crafted network packets
Mitigating Factors	·        Microsoft has not identified any mitigations for CVE-2010-0239, CVE-2010-0241, and CVE-2010-0242. ·        For CVE-2010-0240 only: This vulnerability only impacts Windows systems if they have installed a custom network driver that splits the UDP header into multiple MDLs. Microsoft is not aware of any driver that takes this action.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-009.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-010
Bulletin Title	Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Executive Summary	This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server.   The security update addresses the vulnerability by correcting the way Hyper-V server validates encoding on machine instructions executed inside its guest virtual machines.
Severity Ratings	This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.
Affected Software	Microsoft Windows Server 2008 and Windows Server 2008 R2.
Attack Vectors	A maliciously crafted application.
Mitigating Factors	An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-011
Bulletin Title	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out.   The security update addresses the vulnerability by correcting the manner in which users’ processes are terminated upon logout.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors	A maliciously crafted application.
Mitigating Factors	An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-011.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-012
Bulletin Title	Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Executive Summary	This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.   The security update addresses these vulnerabilities by correcting the way that SMB validates SMB requests.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	Maliciously crafted network packets.
Mitigating Factors	Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS09-001
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-012.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-013
Bulletin Title	Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.   The security update addresses the vulnerability by correcting the way that DirectShow opens AVI files.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows except for all supported Itanium-based editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, for which this security update is rated Important.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	·        A maliciously crafted .AVI file. ·        A maliciously crafted e-mail attachment. ·        A maliciously crafted Web page.
Mitigating Factors	·        Users would have to be persuaded to visit a malicious Web site. ·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message. ·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS09-028 and MS09-038
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-013.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-014
Bulletin Title	Vulnerability in Kerberos Could Allow Denial of Service (977290)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.   This update addresses the vulnerability by correcting the way the Kerberos server deals with ticket renewal requests.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008.
Attack Vectors	Maliciously crafted ticket renewal requests.
Mitigating Factors	Microsoft has not identified any mitigations or workarounds for this vulnerability.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-014.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS10-015
Bulletin Title	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Executive Summary	This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application.   The security update addresses the vulnerabilities by ensuring that the Windows Kernel handles exceptions properly.   This security update also addresses the vulnerability first described in Microsoft Security Advisory 979682.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 for 32-bit Systems.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.
Attack Vectors	·        A local logon ·        A maliciously crafted application
Mitigating Factors	To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS09-058
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-015.mspx

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

 

Microsoft CSS Security Team

 

 

Wes Yanaga | Partner Platform Strategy & Evangelism| US DPE West Region

Office: 650-693-2104 | Mobile: 650-678-1217 | Email: :wesy@microsoft.com | Twitter

Blog: CDS Partners |  Facebook – Partner Huddle.Net | LinkedIn -  .NET Dev Partners

 

       

 

‘If you don’t like change, you’re going to like irrelevance even less’ – General Eric Shinseki, Chief of Staff, U.S. Army (ret.)

 

 

 

Microsoft Security Bulletin MS10-002 – Critical: Cumulative Security Update for Internet Explorer (978207)

This update has been released and also addresses the vulnerability first described in Microsoft Security Advisory 979352. Please visit the sites for more information.

Bulletin ID	Bulletin Title	Max Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software*
MS09-069	Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)	Important	Denial of Service	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003
MS09-070	Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)	Important	Remote Code Execution	Requires restart	Microsoft Windows Server 2003 and Windows Server 2008
MS09-071	Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
MS09-072	Cumulative Security Update for Internet Explorer (976325)	Critical	Remote Code Execution	Requires restart	Internet Explorer on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
MS09-073	Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)	Important	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Office XP, Office 2003, Works 8.5, and Office Converter Pack
MS09-074	Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)	Critical	Remote Code Execution	May require restart	Microsoft Project 2000, Project 2002, and Project 2003
* The list of affected software in the summary table is an abstract. To see the full list of affected components please click on the bulletin summary Web page link below and review the “Affected Software” section.

 

 

 

=================================

New Security Bulletins

=================================

Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS09-069

Bulletin Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Max Severity Rating: Important

Vulnerability Impact: Denial of Service

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, and Windows Server 2003

——————————–

Bulletin ID: MS09-070

Bulletin Title: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

Max Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows Server 2003 and Windows Server 2008

——————————–

Bulletin ID: MS09-071

Bulletin Title: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

Max Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

——————————–

Bulletin ID: MS09-072

Bulletin Title: Cumulative Security Update for Internet Explorer (976325)

Max Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Internet Explorer on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

——————————–

Bulletin ID: MS09-073

Bulletin Title: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Max Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Office XP, Office 2003, Works 8.5, and Office Converter Pack

——————————–

Bulletin ID: MS09-074

Bulletin Title: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

Max Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Project 2000, Project 2002, and Project 2003

——————————–

Note: The list of affected software in the summary table above is an abstract. To see the full list of affected components please click on the “Advance Notification Web Page” link below and review the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx.

=================================

Malicious Software Removal Tool

=================================

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

=================================

High Priority Non-Security Updates

=================================

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

=================================

New Security Advisories (2)

=================================

In addition to new security bulletins, Microsoft is also releasing two new security advisories on December 08, 2009. Here is an overview:

Identifier: Security Advisory 954157 – Security Enhancements for the Indeo Codec

———————————

Summary: Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code remote code execution when opening specially crafted media content. The update blocks the Indeo codec from being launched in Internet Explorer or Windows Media player. The update also removes the ability for this codec to be loaded when browsing the Internet with any other applications. By only allowing applications to use the Indeo codec when the media content is from the local system or from the intranet zone, and by preventing Internet Explorer and Windows Media Player from launching the codec at all, this update removes the most common remote attack vectors but still allows games or other applications that leverage the codec locally to continue to function.

———————————

Affected Software:

• Microsoft Windows 2000 Service Pack 4

• Windows XP Service Pack 2 and Windows XP Service Pack 3

• Windows XP Professional x64 Edition Service Pack 2

• Windows Server 2003 Service Pack 2

• Windows Server 2003 x64 Edition Service Pack 2

• Windows Server 2003 with SP2 for Itanium-based Systems

———————————

Recommendations: Review Microsoft Security Advisory 954157 for an overview of the issue, details on affected components, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.

———————————

Workarounds: It is possible to disable this codec by deregistering the codec. For directions on how to deregister the codec, see Microsoft Knowledge Base Article 954157.

———————————

Additional Resources:

• Microsoft Security Advisory 954157 – Security Enhancements for the Indeo Codec- http://www.microsoft.com/technet/security/advisory/954157.mspx

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/

• Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/

• Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/

________________________________________

Identifier: Security Advisory 974926 – Credential Relaying Attacks on Integrated Windows Authentication

———————————

Summary: This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect against these attacks. In these attacks, an attacker who is able to obtain the user’s authentication credentials while being transferred between a client and a server would be able to reflect these credentials back to a service running on the client, or forward them to another server on which the client has a valid account. This would allow the attacker to gain access to these resources, impersonating the client. Since IWA credentials are hashed, an attacker cannot use this to ascertain the actual username and password. Depending on the scenario and the use of additional attack vectors, an attacker may be able to obtain authentication credentials both inside and outside of the organization’s security perimeter and utilize them to gain inappropriate access to resources. Microsoft is addressing the potential impact of these issues at different levels and wants to make customers aware of the tools that have been made available to address these issues, and the impact of using these tools. This advisory contains information on the different actions Microsoft has taken to improve protection of IWA authentication credentials, and how customers can deploy these safeguards.

———————————

Mitigating Factors:

• In order to relay credentials, an attacker would need to successfully leverage another vulnerability to execute a man-in-the-middle attack, or to convince the victim, using social engineering, to connect to a server under the attacker’s control, for instance by sending a link in a malicious e-mail message.

• Internet Explorer does not automatically send credentials using HTTP to servers hosted in the Internet zone. This reduces the risk that credentials can be forwarded or reflected by an attacker within this zone.

• Inbound traffic must be allowed to the client system for a reflection attack to succeed. The most common attack vector is SMB, as it allows IWA authentication. Hosts behind a firewall that blocks SMB traffic, or hosts that block SMB traffic on a host firewall are not vulnerable to the most common NTLM reflection attacks, which target SMB.

———————————

Recommendations: Review Microsoft Security Advisory 974926 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.

———————————

Additional Information:

Q: What versions of Windows are associated with this advisory?

A: Credential forwarding and reflection affects all platforms that have the ability to perform Integrated Windows Authentication. The Extended Protection for Authentication feature is included in Windows 7 and Windows Server 2008 R2, and was made available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 in a non-security update released as Microsoft Security Advisory 973811. In order to fully protect authentication credentials, specific applications on these operating systems still need to opt in to the mechanism. The Extended Protection feature is not available for the Microsoft Windows 2000 operating system.

———————————

Additional Resources:

• Microsoft Security Advisory 974926 – Credential Relaying Attacks on Integrated Windows Authentication – http://www.microsoft.com/technet/security/advisory/974926.mspx

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/

• Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/

• Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/

=================================

Revised Security Advisory

=================================

Microsoft has updated Security Advisory 973881 – Extended Protection for Authentication – on December 08, 2009.

———————————

Overview of Changes: Security Advisory 973881 was revised to include information about three non-security updates released on December 08, 2009, relating to the Extended Protection for Authentication feature. The three related non-security updates released by Microsoft on December 08, 2009 are:

• Microsoft Knowledge Base Article 971737 contains a non-security update that enables the Windows HTTP Services (WinHTTP) API to opt in to Extended Protection for Authentication.

• Microsoft Knowledge Base Article 970430 contains a non-security update that enables the HTTP Protocol Stack (http.sys) to opt in to Extended Protection for Authentication.

• Microsoft Knowledge Base Article 973917 contains a non-security update that enables Internet Information Services (IIS) to opt in to Extended Protection for Authentication.

———————————

Full Details: http://www.microsoft.com/technet/security/advisory/973881.mspx

=================================

Revised Security Bulletin

=================================

Microsoft has revised Security Bulletin MS08-037 – Vulnerabilities in DNS Could Allow Spoofing (953230) – on December 08, 2009.

———————————

Overview of changes:  Microsoft rereleased this security bulletin to reoffer the update for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB951748) to provide strongly random DNS transaction IDs to an additional code path. Unlike the other Windows platforms, on Microsoft Windows 2000, there are two code paths for DNS transactions. The previous update only provided the transaction ID randomization on one of the code paths. The rerelease of this update provides the same transaction ID randomization to the other code path on Microsoft Windows 2000. Customers who have previously installed the update for the DNS Client on Microsoft Windows 2000 Service Pack 4 (951748) need to install the automatically reoffered update. No other updates are affected by this rerelease.

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-037.mspx

=================================

Public Security Bulletin Webcast

=================================

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft December Security Bulletins (Level 200)

Date: Wednesday, December 08, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407802

=================================

New Bulletin Technical Details

=================================

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

==================================

Microsoft Security Bulletin MS09-069

==================================

Bulletin Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted requests.

Severity Ratings and Affected Software

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

———————————

Vulnerability Identifiers: CVE-2009-3675: Local Security Authority Subsystem Service Resource Exhaustion Vulnerability. Exploitability Rating = 3, Functioning exploit code unlikely. Notes: The vulnerability does not allow remote code execution, only denial of service that a remote, authenticated attacker could attempt to exploit.

———————————

Attack Vectors: A maliciously crafted ISAKMP message while connected and authenticated to an LSASS server over IPSEC.

———————————

Mitigating Factors: Microsoft has not identified any mitigations for this vulnerability.

———————————

Workarounds: Disable the IPSec service.

———————————

Restart Requirement: This update requires a restart.

———————————

Bulletins Replaced by This Update: For Windows 2000: MS06-025

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-069.mspx

==================================

Microsoft Security Bulletin MS09-070

==================================

Bulletin Title: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

———————————

Executive Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.

The security update addresses the vulnerabilities by correcting the validation that ADFS-enabled Web servers apply to request headers submitted by a Web client.

———————————

Severity Ratings and Affected Software: This security update is rated Important for affected releases of Windows Server 2003, Windows Server 2003 x64 Edition, Windows Server 2008, and Windows Server 2008 x64 Edition.

———————————

Vulnerability Identifiers:

• CVE-2009-2508: Single Sign On Spoofing in ADFS Vulnerability. Exploitability Rating = 3, Functioning exploit code unlikely. Notes: The vulnerability does not allow remote code execution, only spoofing.

• CVE-2009-2509. Remote Code Execution in ADFS Vulnerability. Exploitability Rating = 1, Consistent exploit code likely. Notes: The vulnerability is only exploitable by an authenticated attacker.

———————————

Attack Vectors:

• A maliciously crafted HTTP request to an ADFS-enabled Web server (CVE-2009-2509).

• The re-use of specific data from the browser’s cache to authenticate against the Web application implementing ADFS single sign-on (CVE-2009-2508).

———————————

Mitigating Factors:

• The attacker must have valid logon credentials to the vulnerable server (CVE-2009-2509).

• An attacker can only impersonate someone whose authentication token they have been able to obtain (CVE-2009-2508).

• An attack is only possible before the session times out on the server (CVE-2009-2508).

• If the Web application uses SSL, the attacker must have access to the victim’s computer to exploit the vulnerability (CVE-2009-2508).

———————————

Workarounds: Microsoft has not identified any workarounds for either of these vulnerabilities.

———————————

Restart Requirement: This update requires a restart.

———————————

Bulletins Replaced by This Update: None

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-070.mspx

=================================

Microsoft Security Bulletin MS09-071

=================================

Bulletin Title: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

———————————

Executive Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication.The security update addresses the vulnerabilities by correcting the way Internet Authentication Service validates authentication requests by PEAP clients.

———————————

Severity Ratings and Affected Software: This security update is rated Critical for Windows Server 2008 for 32-bit Systems Service Pack 2 and Windows Server 2008 for x64-based Systems Service Pack 2. For all other affected and supported releases of Windows, see the subsection, “Affected and Non-Affected Software”, in the bulletin.

———————————

Vulnerability Identifiers:

• CVE-2009-2505: Internet Authentication Service Memory Corruption Vulnerability. Exploitability Rating = 2, Inconsistent exploit code likely. Notes: Limited possibility for remote code execution. Most likely result is denial of service.

• CVE-2009-3677: MS-CHAP Authentication Bypass Vulnerability. Exploitability Rating = 3, Functioning exploit code unlikely. Notes: The vulnerability does not allow remote code execution, only elevation of privilege due to bypassing of network authentication.

———————————

Attack Vectors:

• An incorrectly formed PEAP authentication request (CVE-2009-2505).

• An incorrectly formed MS-CHAP v2 authentication request (CVE-2009-3677).

———————————

Mitigating Factors: Servers using IAS are only affected if they are configured to use PEAP with MS-CHAP v2 authentication.

———————————

Workarounds: Use an authentication protocol other than PEAP with MS-CHAP v2.

———————————

Restart Requirement: This update requires a restart.

———————————

Bulletins Replaced by This Update: None

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-071.mspx

=================================

Microsoft Security Bulletin MS09-072

=================================

Bulletin Title: Cumulative Security Update for Internet Explorer (976325)

———————————

Executive Summary: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution. The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory. This security update also addresses the vulnerability first described in Microsoft Security Advisory 977981.

———————————

Severity Ratings and Affected Software: This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7 (except when running on supported editions of Windows Server 2003 and Windows Server 2008), and Internet Explorer 8 (except when running on supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2). For Internet Explorer 7 and Internet Explorer 8 running on Windows servers as listed, this update is rated Moderate.

———————————

Vulnerability Identifiers:

• CVE-2009-2493: ATL COM Initialization Vulnerability. Exploitability Rating = 1, Consistent exploit code likely. Notes: This vulnerability was first addressed in MS09-035.

• CVE-2009-3671: Uninitialized Memory Corruption Vulnerability. Exploitability Rating = 1, Consistent exploit code likely. Notes: None.

• CVE-2009-3672: HTML Object Memory Corruption Vulnerability. Exploitability Rating = 1, Consistent exploit code likely. Notes: None.

• CVE-2009-3673: Uninitialized Memory Corruption Vulnerability. Exploitability Rating = 1, Consistent exploit code likely. Notes: None.

• CVE-2009-3674: Uninitialized Memory Corruption Vulnerability. Exploitability Rating = 1, Consistent exploit code likely. Notes: None.

———————————

Attack Vectors:

• A maliciously crafted Web page

• A maliciously crafted e-mail

———————————

Mitigating Factors:

• Users would have to be persuaded to visit a malicious Web site.

• Exploitation only gains the same user rights as the logged on account.

• By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone.

• By default, IE on Windows 2003 and Windows Server 2008 runs in restricted mode.

———————————

Workarounds

• Set IE security to High for Internet and Intranet zones.

• Configure IE to prompt before running ActiveX and Active Scripting.

———————————

Restart Requirement: This update requires a restart.

———————————

Bulletins Replaced by This Update: MS09-054

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-072.mspx

=================================

Microsoft Security Bulletin MS09-073

=================================

Bulletin Title: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

———————————

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges. The security update addresses the vulnerability by correcting the way WordPad and the Office Text Converters parse Word 97 documents.

———————————

Severity Ratings and Affected Software: This security update is rated Important for WordPad on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. This security update is also rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office Converter Pack, and Microsoft Works 8.5.

———————————

Vulnerability Identifiers: CVE-2009-2506: WordPad and Office Text converter Memory Corruption Vulnerability. Exploitability Rating = 2, Inconsistent exploit code likely. Notes: None

———————————

Attack Vectors: A maliciously crafted Word document

———————————

Mitigating Factors:

• Exploitation only gains the same user rights as the logged on account.

• Users would have to be persuaded to visit a malicious Web site.

• Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

• A Website will prompt to Open, Save, or Cancel before opening a document, unless the user had previously unchecked the option “Always ask before opening this type of file”.

———————————

Workarounds: Disable the WordPad Word 97 converter by restricting access to the converter file.

———————————

Restart Requirement: This update requires a restart.

———————————

Bulletins Replaced by This Update: For Office XP and the Office Converter Pack: MS09-010. For Works 8.5: MS09-024.

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx

=================================

Microsoft Security Bulletin MS09-074

=================================

Bulletin Title: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

———————————

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The update removes the vulnerability by modifying the way that Microsoft Office Project validates memory allocations when opening Project files from disk to memory.

———————————

Severity Ratings and Affected Software: This security update is rated Critical for Microsoft Project 2000 Service Release 1 and rated Important for Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 3.

———————————

Vulnerability Identifiers: CVE-2009-0102: Project Memory Validation Vulnerability. Exploitability Rating = 2, Inconsistent exploit code likely. Notes: None

———————————

Attack Vectors:

• A maliciously crafted Project file

• A maliciously crafted Web page

• A maliciously crafted e-mail attachment

———————————

Mitigating Factors:

• Exploitation only gains the same user rights as the logged on account.

• Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

———————————

Workarounds: Do not open or save Project files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.

———————————

Restart Requirement: This update may require a restart.

———————————

Bulletins Replaced by This Update: MS08-018

———————————

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-074.mspx

=================================

Regarding Information Consistency

=================================

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS09-063

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows Vista and Windows Server 2008

——————————–

Bulletin ID: MS09-064

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server

——————————–

Bulletin ID: MS09-065

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

——————————–

Bulletin ID: MS09-066

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

Max Severity: Important

Vulnerability Impact: Denial of Service

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008

——————————–

Bulletin ID: MS09-067

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

——————————–

Bulletin ID: MS09-068

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Word 2002, Word 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Office Word Viewer, and Office Word Viewer 2003

——————————–

Note: The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin summary Web page at the link below and navigate to the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx.

=================================

Malicious Software Removal Tool

=================================

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

=================================

High Priority Non-Security Updates

=================================

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

=================================

Security Bulletin Major Revisions

=================================

Microsoft has revised Security Bulletin MS09-045 – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to add JScript 5.7 on Microsoft Windows 2000 Service Pack 4 as an affected product. Customers who have already installed this update do not need to take any action.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx

________________________________________

Microsoft has revised Security Bulletin MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to reoffer the update for Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx

=================================

Public Bulletin Release Webcast

=================================

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft November Security Bulletins (Level 200)

Date: Wednesday, November 11, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407490

=================================

New Bulletin Technical Details

=================================

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

Bulletin Identifier: Microsoft Security Bulletin MS09-063

———————-

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. The security update addresses the vulnerability by correcting the processing of headers in WSD messages.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-2512 – Web Services on Devices API Memory Corruption Vulnerability

EI = 2 (Inconsistent exploit code likely). Notes: The scenario allows for a possible, limited denial of service attack.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors: The vulnerable service is only exposed to incoming connections from the local subnet.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-063.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-064

———————-

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. The security update addresses the vulnerability by changing the way the License Logging service validates a specific field inside the RPC packet.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for Microsoft Windows 2000.

———————-

CVEs and Exploitability Index: CVE-2009-2523 – License Logging Server Heap Overflow Vulnerability

EI = 2 (Inconsistent exploit code likely)

———————-

Attack Vectors: Sending a specially crafted RPC packet.

———————-

Mitigating Factors: Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-064.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-065

———————-

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. The security update addresses the vulnerabilities by correcting the method used for validating the argument passed to the system call, validating input passed from user mode through the kernel component of GDI, and correcting the manner in which Windows kernel-mode drivers parse font code.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index:

• CVE-2009-1127 – Win32k NULL Pointer Dereferencing Vulnerability, EI = 2 (Inconsistent exploit code likely)

• CVE-2009-2513 – Win32k Insufficient Data Validation Vulnerability, EI = 1 (Consistent exploit code likely)

• CVE-2009-2514 – Win32k EOT Parsing Vulnerability, EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• CVE-2009-1127 and CVE-2009-2513: A logon attempt with a legitimate username.

• CVE-2009-2514: A maliciously crafted Office document, Web page, or e-mail attachment.

———————-

Mitigating Factors:

• CVE-2009-1127 and CVE-2009-2513: An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

• CVE-2009-2514: An attacker would have no way to force users to visit a specially crafted Web site. Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: MS09-025

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-065.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-066

———————-

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. The security update addresses the vulnerability by changing the way Active Directory, ADAM, and AD LDS process malformed LDAP or LDAPS requests.

———————-

Severity Ratings and Affected Software: This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-1928 – LSASS Recursive Stack Overflow Vulnerability

EI = 3 (Functioning exploit code unlikely). Notes: The condition for denial of service exists.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors:

• This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

Restart Requirement

You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000 Server, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update:

• Windows 2000 Server, Windows XP, and Windows Server 2003: MS09-018

• Windows Server 2008: MS08-035

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-066.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-067

———————-

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.

———————-

CVEs and Exploitability Index:

• CVE-2009-3127 – Excel Cache Memory Corruption Vulnerability, EI = 2

• CVE-2009-3128 – Excel SxView Memory Corruption Vulnerability, EI = 2

• CVE-2009-3129 – Excel Featheader Record Memory Corruption Vulnerability, EI = 1

• CVE-2009-3130 – Excel Document Parsing Heap Overflow Vulnerability, EI = 1

• CVE-2009-3131 – Excel Formula Parsing Memory Corruption Vulnerability, EI = 1

• CVE-2009-3132 – Excel Index Parsing Vulnerability, EI = 2

• CVE-2009-3133 – Excel Document Parsing Memory Corruption Vulnerability, EI = 2

• CVE-2009-3134 – Excel Field Sanitization Vulnerability, EI = 2

o EI = 1: Consistent exploit code likely

o EI = 2: Inconsistent exploit code likely

———————-

Attack Vectors:

• A maliciously crafted Excel spreadsheet

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-021

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-068

———————-

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

———————-

Executive Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The security update addresses the vulnerability by modifying the way that Microsoft Office Word opens specially crafted Word files.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer.

———————-

CVEs and Exploitability Index:

CVE-2009-3135 – Microsoft Office Word File Information Memory Corruption Vulnerability

EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• A maliciously crafted Word document

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• Users would have to be persuaded to visit a malicious Web site.

• Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-027

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-068.mspx

The list of patches are itemized below. If you have automating updating turned on, you might already have the updates. To learn how to turn automatic updating on for your operating system, see Update your PC automatically.

If you do not have automatic updating turned on, or to check whether you need the updates, go to Microsoft Update.

Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search using the words security update and the month the update was released.

Latest Security Updates

• MS09-050 - addresses a vulnerability in Microsoft Windows (KB 975517)
• MS09-051 - addresses a vulnerability in Windows Media (KB 975682)
• MS09-052 - addresses a vulnerability in Windows Media (KB 974112)
• MS09-053 - addresses a vulnerability in Internet Information Services (IIS) (KB 975254)
• MS09-054 - addresses a vulnerability in Internet Explorer (KB 974455)
• MS09-055 - addresses a vulnerability in Microsoft Windows (KB 973525)
• MS09-056 - addresses a vulnerability in Microsoft Windows (KB 974571)
• MS09-057 - addresses a vulnerability in Indexing Service (KB 969059)
• MS09-058 - addresses a vulnerability in Microsoft Windows (KB 971486)
• MS09-059 - addresses a vulnerability in Microsoft Windows (KB 975467)
• MS09-060 - addresses a vulnerability in Microsoft Office (KB 973965)
• MS09-061 - addresses a vulnerability in Microsoft .NET (KB 974378)
• MS09-062 - addresses a vulnerability in Microsoft Windows (KB 957488)

Today we released several updates to address critical vulnerabilities. Additional details are provided below:

This alert is to provide you with an overview of the new security bulletin(s) being released on August 11, 2009. Security bulletins are released monthly to resolve critical problem vulnerabilities.

 

The alert will also provide an overview on one new security advisory, one updated security advisory, and two revised security bulletins published on August 11, 2009.

 New Security Bulletins

Microsoft is releasing the following nine new security bulletins for newly discovered vulnerabilities:

 

Bulletin ID	Bulletin Title	Max Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software*
MS09-036	Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)	Important	Denial of Service	Does not require restart	Microsoft .NET Framework on Windows Vista and Windows Server 2008.
MS09-037	Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-038	Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-039	Vulnerabilities in WINS Could Allow Remote Code Execution (969883)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000 Server and Windows Server 2003
MS09-040	Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)	Important	Elevation of Privilege	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
MS09-041	Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)	Important	Elevation of Privilege	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-042	Vulnerability in Telnet Could Allow Remote Code Execution (960859)	Important	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-043	Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)	Critical	Remote Code Execution	May require restart	Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, and Microsoft BizTalk Server.
MS09-044	Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.
* The list of affected software in the summary table is an abstract. To see the full list of affected components    please open the bulletin under consideration and review the "Affected Software" section.

 

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-aug.mspx.

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

 

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

 

 

In addition to new security bulletins, Microsoft is also releasing one new security advisory on August 11, 2009. Here is an overview:

Bulletin Identifier	Microsoft Security Bulletin MS09-044
Bulletin Title	Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Executive Summary	This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability.   The security update addresses the vulnerabilities by changing the way the Remote Desktop Connection deals with unexpected parameters sent by the RDP server and by correctly validating parameters passed to the Remote Desktop Connection ActiveX control methods.
Severity Ratings	This security update is rated Important for default versions of RDP on affected editions of Windows Vista, Windows Vista for x64-based Systems, and Remote Desktop Connection Client for Mac 2.0 and is rated Critical for all default versions of RDP on all other affected Windows editions. This security update is rated Important for RDP Version 6.0 that administrators can manually install on Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2 and is rated Critical for all other versions of RDP that administrators can manually install on affected Windows editions.
Attack Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.
Attack Vectors	·        A malicious RDP server ·        A maliciously crafted Web page
Mitigating Factors	·        RDP Servers are not affected by these vulnerabilities, only RDP clients are affected. ·        Users would have to be persuaded to visit a malicious Web site. ·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        Cannot be exploited automatically through e-mail. The malicious file could be sent as an e-mail attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability. ·        By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx

 

Microsoft has updated Security Advisory 973882 – Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution – on August 11, 2009.

 

Overview of Changes: Advisory revised to add entries in the “Updates related to ATL” section to communicate the release of Microsoft Security Bulletin MS09-037, "Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution," and the re-release of Microsoft Security Bulletin MS09-035, "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution," to offer additional updates.

 

Full Details: http://www.microsoft.com/technet/security/advisory/973882.mspx

 

 

Microsoft has revised Security Bulletin MS09-029 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – on August 11, 2009.

 

Overview of changes:  Microsoft re-released this bulletin to re-offer the updates for the following platforms:

·        Microsoft Windows 2000 Service Pack 4

·        Windows XP Service Pack 2 and Windows XP Service Pack 3

·        Windows XP Professional x64 Edition Service Pack 2

·        Windows Server 2003 Service Pack 2

·        Windows Server 2003 x64 Edition Service Pack

·        Windows Server 2003 with SP2 for Itanium-Based Systems

 

The revised security updates correct an issue in the original security updates that could cause the print spooler to stop responding in certain situations. The revised updates are available through all of the same distribution channels as the original updates, including Automatic Updates, Windows Update, and Windows Server Update Services. Alternatively, customers who are running any of the affected software platforms may download and install the new updates manually. For more information on this known issue, see Microsoft Knowledge Base Article 961371.

 

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx

 

Microsoft has revised Security Bulletin MS09-035 – Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) – on August 11, 2009.

 

Overview of Changes:  Microsoft rereleased this bulletin to offer new updates for the following platforms:

·        Microsoft Visual Studio 2005 Service Pack 1 (KB973673)

·        Microsoft Visual Studio 2008 (KB973674)

·        Microsoft Visual Studio 2008 Service Pack 1 (KB973675)

 

The new security updates are for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices. All Visual Studio developers should install these new updates so that they can use Visual Studio to create components and controls that are not vulnerable to the reported issues.

For more information on this known issue, see Microsoft Knowledge Base Article 969706.

 

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx

 

 

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft August Security Bulletins (Level 200)

Date: Wednesday, August 12, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032407484 

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

 

Bulletin Identifier	Microsoft Security Bulletin MS09-036
Bulletin Title	Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Executive Summary	This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.   The security update addresses the vulnerability by changing the way ASP.NET manages request scheduling.
Severity Ratings	This security update is rated Important for all affected versions of Microsoft Windows.
Affected Software	Microsoft .NET Framework on Windows Vista and Windows Server 2008.
Attack Vectors	Specially crafted anonymous HTTP requests.
Mitigating Factors	·        The vulnerable code in Microsoft .NET Framework is exposed only through IIS 7.0. For systems not running IIS 7.0, there are no known attack vectors for this vulnerability. ·        Systems running ASP.NET on IIS 7.0 in classic mode are not affected by this vulnerability.
Restart Requirement	This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information	For both Windows Vista and Windows Server 2008, WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-036.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-037
Bulletin Title	Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Executive Summary	This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious Web site. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.   The security update addresses the vulnerabilities by modifying the ATL headers so that components and controls built using the headers can safely initialize from a data stream, and by providing updated versions of Windows components and controls built using corrected ATL headers.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Attack Vectors	A maliciously crafted Web page.
Mitigating Factors	·        Users would have to be persuaded to visit a malicious Web site. ·        Exploitation only gains the same user rights as the logged on account. ·        By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode. ·        By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone. ·        The majority of ActiveX controls are not included in the default allow-list in IE 7 or IE 8 running on Windows Vista or later operating systems. ·        DEP/NX memory protection is enabled in IE 8 on Windows XP SP3, Windows Vista SP1 and SP2, and Windows 7.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	MS05-013, MS07-047, and MS08-048
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-037.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-038
Bulletin Title	Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
Executive Summary	This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.   The security update addresses the vulnerabilities by correcting the manner in which AVI headers are processed and correcting the manner in which AVI data is validated.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Attack Vectors	·        Maliciously Crafted .AVI File ·        A maliciously crafted Web page ·        Maliciously Crafted E-mail Attachment
Mitigating Factors	·        Users would have to be persuaded to visit a malicious Web site or to open an e-mail attachment. ·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-038.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-039
Bulletin Title	Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Executive Summary	This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service.   The security update addresses the vulnerabilities by correcting the manner in which the WINS service calculates buffer length and introducing proper data validations on received packets on the WINS server.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003.
Affected Software	Microsoft Windows 2000 and Windows Server 2003.
Attack Vectors	A specially crafted WINS replication packet.
Mitigating Factors	·        By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue. ·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. ·        CVE-2009-1924 only affects WINS running on Windows 2000 Server.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
Bulletins Replaced by This Update	MS09-008
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-039.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-040
Bulletin Title	Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
Executive Summary	This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service.   The security update addresses the vulnerability by modifying the way that the MSMQ service validates input data before passing the data to the allocated buffer.
Severity Ratings	This security update is rated Important for Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Professional x64 Edition Service Pack 2; all supported editions of Windows Server 2003; and Windows Vista and Windows Vista x64 Edition.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
Attack Vectors	·        Maliciously Crafted Application ·        Maliciously Crafted Script
Mitigating Factors	·        By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually enable the Message Queuing component are likely to be vulnerable to this issue. ·        An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	MS07-065, MS08-065
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-040.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-041
Bulletin Title	Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
Executive Summary	This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.   The security update addresses the vulnerability by correcting the manner in which the Workstation service allocates and frees memory.
Severity Ratings	This security update is rated Important for all supported editions of Windows XP and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008.
Affected Software	Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Attack Vectors	·        Sending a specially crafted RPC packet ·        Maliciously Crafted Application ·        Maliciously Crafted Script
Mitigating Factors	·        An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. ·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows XP and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-041.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-042
Bulletin Title	Vulnerability in Telnet Could Allow Remote Code Execution (960859)
Executive Summary	This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems.   The security update addresses the vulnerability by modifying the way that the Telnet service validates authentication replies in order to prevent the relay of credentials.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Attack Vectors	A credential reflection attack.
Mitigating Factors	·        Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the SMB port, which is the most likely target for credentials to be reflected back to, should be blocked from the Internet.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-043
Bulletin Title	Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
Executive Summary	This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page.   The security update addresses the vulnerabilities by correctly handling memory allocation when the ActiveX control is used in Internet Explorer, correcting validation logic for Office Web Components ActiveX control methods, and performing additional parameter validation.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2000 Web Components, Microsoft Office XP Web Components, Microsoft Office 2003 Web Components, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system, Microsoft Internet Security and Acceleration Server 2004 Standard Edition, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006, Microsoft BizTalk Server 2002, Microsoft Visual Studio .NET 2003, and Microsoft Office Small Business Accounting 2006.
Affected Software	Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2000 Web Components, Microsoft Office XP Web Components, Microsoft Office 2003 Web Components, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system, Microsoft Internet Security and Acceleration Server 2004 Standard Edition, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006, Microsoft BizTalk Server 2002, Microsoft Visual Studio .NET 2003, and Microsoft Office Small Business Accounting 2006.
Attack Vectors	A maliciously crafted Web page.
Mitigating Factors	·        Users would have to be persuaded to visit a malicious Web site. ·        An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone. ·        By default, IE on Windows Server 2003 and Windows Server 2008 runs in a restricted mode.
Restart Requirement	Restart requirements vary depending on which component is installed. Consult the bulletin for full details.
Removal Information	Removal steps vary depending on which component is installed. Consult the bulletin for full details.
Bulletins Replaced by This Update	MS08-017
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-043.mspx

 

Bulletin Identifier	Microsoft Security Bulletin MS09-044
Bulletin Title	Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Executive Summary	This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability.   The security update addresses the vulnerabilities by changing the way the Remote Desktop Connection deals with unexpected parameters sent by the RDP server and by correctly validating parameters passed to the Remote Desktop Connection ActiveX control methods.
Severity Ratings	This security update is rated Important for default versions of RDP on affected editions of Windows Vista, Windows Vista for x64-based Systems, and Remote Desktop Connection Client for Mac 2.0 and is rated Critical for all default versions of RDP on all other affected Windows editions. This security update is rated Important for RDP Version 6.0 that administrators can manually install on Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2 and is rated Critical for all other versions of RDP that administrators can manually install on affected Windows editions.
Attack Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.
Attack Vectors	·        A malicious RDP server ·        A maliciously crafted Web page
Mitigating Factors	·        RDP Servers are not affected by these vulnerabilities, only RDP clients are affected. ·        Users would have to be persuaded to visit a malicious Web site. ·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. ·        Cannot be exploited automatically through e-mail. The malicious file could be sent as an e-mail attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability. ·        By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High.
Restart Requirement	You must restart your system after you apply this security update.
Removal Information	·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. ·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

 

 

We released several security updates today. Six updates are listed as critical.  Please read the Security Bulletin Summary for June 2009 for more details.

• MS09-018 – addresses a vulnerability in Microsoft Windows (KB 971055)
• MS09-019 – addresses a vulnerability in Microsoft Internet Explorer (KB 969897)
• MS09-020 – addresses a vulnerability in Microsoft Internet Information Services (KB 970483)
• MS09-021 – addresses a vulnerability in Microsoft Office (KB 969462)
• MS09-022 – addresses a vulnerability in Microsoft Windows (KB 961501)
• MS09-023 – addresses a vulnerability in Microsoft Windows (KB 963093)
• MS09-024 – addresses a vulnerability in Microsoft Office (KB 957632)
• MS09-025 – addresses a vulnerability in Microsoft Windows (KB 968537)
• MS09-026 – addresses a vulnerability in Microsoft Windows (KB 970238)
• MS09-027 – addresses a vulnerability in Microsoft Office (KB 969514)

Here’s a summary from the article on TechNet and a link to the webcast. Get the patch from Windows Update.

This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execu

tion if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000. For supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; all supported versions of PowerPoint Viewer, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; Microsoft Works 8.5; and Microsoft Works 9.0, this security update is rated Important. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that PowerPoint handles conditions that could cause memory corruption when opening specially crafted PowerPoint files. This update also addresses the vulnerabilities by preventing Microsoft Office PowerPoint 2000 and Microsoft Office PowerPoint 2002 from opening PowerPoint 4.0 native file formats. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 969136.

Recommendation. Microsoft recommends that customers apply the update immediately.

Known Issues. Microsoft Knowledge Base Article 967340 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues. When currently known issues and recommended solutions pertain only to specific releases of this software, this article provides links to further articles.

• MS09-009 – addresses a vulnerability in Microsoft Office (KB 968557)
• MS09-010 – addresses a vulnerability in Microsoft Windows and Microsoft Office (KB 960477)
• MS09-011 – addresses a vulnerability in Microsoft Windows (KB 961373)
• MS09-012 – addresses a vulnerability in Microsoft Windows (KB 959454)
• MS09-013 – addresses a vulnerability in Microsoft Windows (KB 960803)
• MS09-014 – addresses a vulnerability in Microsoft Internet Explorer (KB 963027)
• MS09-015 – addresses a vulnerability in Microsoft Windows (KB 959426)
• MS09-016 – addresses a vulnerability in Microsoft ISA Server (KB 961759)

Download Here