Partner Otaku

Musings of a Microsoft Partner Evangelist


November Security Bulletins


Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS09-063

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows Vista and Windows Server 2008

——————————–

Bulletin ID: MS09-064

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server

——————————–

Bulletin ID: MS09-065

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

——————————–

Bulletin ID: MS09-066

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

Max Severity: Important

Vulnerability Impact: Denial of Service

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008

——————————–

Bulletin ID: MS09-067

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

——————————–

Bulletin ID: MS09-068

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Word 2002, Word 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Office Word Viewer, and Office Word Viewer 2003

——————————–

Note: The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin summary Web page at the link below and navigate to the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx.

=================================

Malicious Software Removal Tool

=================================

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

=================================

High Priority Non-Security Updates

=================================

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

=================================

Security Bulletin Major Revisions

=================================

Microsoft has revised Security Bulletin MS09-045 – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to add JScript 5.7 on Microsoft Windows 2000 Service Pack 4 as an affected product. Customers who have already installed this update do not need to take any action.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx

________________________________________

Microsoft has revised Security Bulletin MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to reoffer the update for Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx

=================================

Public Bulletin Release Webcast

=================================

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft November Security Bulletins (Level 200)

Date: Wednesday, November 11, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407490

=================================

New Bulletin Technical Details

=================================

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

Bulletin Identifier: Microsoft Security Bulletin MS09-063

———————-

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. The security update addresses the vulnerability by correcting the processing of headers in WSD messages.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-2512 – Web Services on Devices API Memory Corruption Vulnerability

EI = 2 (Inconsistent exploit code likely). Notes: The scenario allows for a possible, limited denial of service attack.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors: The vulnerable service is only exposed to incoming connections from the local subnet.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-063.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-064

———————-

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. The security update addresses the vulnerability by changing the way the License Logging service validates a specific field inside the RPC packet.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for Microsoft Windows 2000.

———————-

CVEs and Exploitability Index: CVE-2009-2523 – License Logging Server Heap Overflow Vulnerability

EI = 2 (Inconsistent exploit code likely)

———————-

Attack Vectors: Sending a specially crafted RPC packet.

———————-

Mitigating Factors: Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-064.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-065

———————-

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. The security update addresses the vulnerabilities by correcting the method used for validating the argument passed to the system call, validating input passed from user mode through the kernel component of GDI, and correcting the manner in which Windows kernel-mode drivers parse font code.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index:

• CVE-2009-1127 – Win32k NULL Pointer Dereferencing Vulnerability, EI = 2 (Inconsistent exploit code likely)

• CVE-2009-2513 – Win32k Insufficient Data Validation Vulnerability, EI = 1 (Consistent exploit code likely)

• CVE-2009-2514 – Win32k EOT Parsing Vulnerability, EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• CVE-2009-1127 and CVE-2009-2513: A logon attempt with a legitimate username.

• CVE-2009-2514: A maliciously crafted Office document, Web page, or e-mail attachment.

———————-

Mitigating Factors:

• CVE-2009-1127 and CVE-2009-2513: An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

• CVE-2009-2514: An attacker would have no way to force users to visit a specially crafted Web site. Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: MS09-025

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-065.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-066

———————-

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. The security update addresses the vulnerability by changing the way Active Directory, ADAM, and AD LDS process malformed LDAP or LDAPS requests.

———————-

Severity Ratings and Affected Software: This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-1928 – LSASS Recursive Stack Overflow Vulnerability

EI = 3 (Functioning exploit code unlikely). Notes: The condition for denial of service exists.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors:

• This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000 Server, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update:

• Windows 2000 Server, Windows XP, and Windows Server 2003: MS09-018

• Windows Server 2008: MS08-035

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-066.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-067

———————-

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.

———————-

CVEs and Exploitability Index:

• CVE-2009-3127 – Excel Cache Memory Corruption Vulnerability, EI = 2

• CVE-2009-3128 – Excel SxView Memory Corruption Vulnerability, EI = 2

• CVE-2009-3129 – Excel Featheader Record Memory Corruption Vulnerability, EI = 1

• CVE-2009-3130 – Excel Document Parsing Heap Overflow Vulnerability, EI = 1

• CVE-2009-3131 – Excel Formula Parsing Memory Corruption Vulnerability, EI = 1

• CVE-2009-3132 – Excel Index Parsing Vulnerability, EI = 2

• CVE-2009-3133 – Excel Document Parsing Memory Corruption Vulnerability, EI = 2

• CVE-2009-3134 – Excel Field Sanitization Vulnerability, EI = 2

Exploitability Index key: EI = 1 (Consistent exploit code likely); EI = 2 (Inconsistent exploit code likely)

———————-

Attack Vectors:

• A maliciously crafted Excel spreadsheet

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-021

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-068

———————-

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

———————-

Executive Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The security update addresses the vulnerability by modifying the way that Microsoft Office Word opens specially crafted Word files.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer.

———————-

CVEs and Exploitability Index:

CVE-2009-3135 – Microsoft Office Word File Information Memory Corruption Vulnerability

EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• A maliciously crafted Word document

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• Users would have to be persuaded to visit a malicious Web site.

• Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-027

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-068.mspx

Written by wesy

November 10, 2009 at 1:38 pm

Posted in patches, Security


August 2009, Microsoft Security Bulletin and Advisory Release


Today we released several updates to address critical vulnerabilities. Additional details are provided below:

This alert is to provide you with an overview of the new security bulletin(s) being released on August 11, 2009. Security bulletins are released monthly to resolve critical problem vulnerabilities.

 

The alert will also provide an overview on one new security advisory, one updated security advisory, and two revised security bulletins published on August 11, 2009.

 New Security Bulletins

Microsoft is releasing the following nine new security bulletins for newly discovered vulnerabilities:

 

Bulletin ID: MS09-036
Bulletin Title: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Max Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Does not require restart
Affected Software*: Microsoft .NET Framework on Windows Vista and Windows Server 2008.

Bulletin ID: MS09-037
Bulletin Title: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Bulletin ID: MS09-038
Bulletin Title: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Bulletin ID: MS09-039
Bulletin Title: Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows 2000 Server and Windows Server 2003

Bulletin ID: MS09-040
Bulletin Title: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.

Bulletin ID: MS09-041
Bulletin Title: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Bulletin ID: MS09-042
Bulletin Title: Vulnerability in Telnet Could Allow Remote Code Execution (960859)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Bulletin ID: MS09-043
Bulletin Title: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software*: Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, and Microsoft BizTalk Server.

Bulletin ID: MS09-044
Bulletin Title: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software*: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.

* The list of affected software in the summary table is an abstract. To see the full list of affected components please open the bulletin under consideration and review the "Affected Software" section.

 

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-aug.mspx.

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

 

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

 

New Security Advisory

 

In addition to new security bulletins, Microsoft is also releasing one new security advisory on August 11, 2009. Here is an overview:

Bulletin Identifier

Microsoft Security Bulletin MS09-044

Bulletin Title

Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

Executive Summary

This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability.

 

The security update addresses the vulnerabilities by changing the way the Remote Desktop Connection deals with unexpected parameters sent by the RDP server and by correctly validating parameters passed to the Remote Desktop Connection ActiveX control methods.

Severity Ratings

This security update is rated Important for default versions of RDP on affected editions of Windows Vista, Windows Vista for x64-based Systems, and Remote Desktop Connection Client for Mac 2.0 and is rated Critical for all default versions of RDP on all other affected Windows editions. This security update is rated Important for RDP Version 6.0 that administrators can manually install on Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2 and is rated Critical for all other versions of RDP that administrators can manually install on affected Windows editions.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.

Attack Vectors

·        A malicious RDP server

·        A maliciously crafted Web page

Mitigating Factors

·        RDP Servers are not affected by these vulnerabilities, only RDP clients are affected.

·        Users would have to be persuaded to visit a malicious Web site.

·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        Cannot be exploited automatically through e-mail. The malicious file could be sent as an e-mail attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

·        By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx

Updated Security Advisory

 

Microsoft has updated Security Advisory 973882 – Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution – on August 11, 2009.

 

Overview of Changes: Advisory revised to add entries in the “Updates related to ATL” section to communicate the release of Microsoft Security Bulletin MS09-037, "Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution," and the re-release of Microsoft Security Bulletin MS09-035, "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution," to offer additional updates.

 

Full Details: http://www.microsoft.com/technet/security/advisory/973882.mspx

 

Revised Security Bulletins (2)

 

Microsoft has revised Security Bulletin MS09-029 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – on August 11, 2009.

 

Overview of changes:  Microsoft re-released this bulletin to re-offer the updates for the following platforms:

·        Microsoft Windows 2000 Service Pack 4

·        Windows XP Service Pack 2 and Windows XP Service Pack 3

·        Windows XP Professional x64 Edition Service Pack 2

·        Windows Server 2003 Service Pack 2

·        Windows Server 2003 x64 Edition Service Pack

·        Windows Server 2003 with SP2 for Itanium-Based Systems

 

The revised security updates correct an issue in the original security updates that could cause the print spooler to stop responding in certain situations. The revised updates are available through all of the same distribution channels as the original updates, including Automatic Updates, Windows Update, and Windows Server Update Services. Alternatively, customers who are running any of the affected software platforms may download and install the new updates manually. For more information on this known issue, see Microsoft Knowledge Base Article 961371.

 

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx

 

 

Microsoft has revised Security Bulletin MS09-035 – Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) – on August 11, 2009.

 

Overview of Changes:  Microsoft rereleased this bulletin to offer new updates for the following platforms:

·        Microsoft Visual Studio 2005 Service Pack 1 (KB973673)

·        Microsoft Visual Studio 2008 (KB973674)

·        Microsoft Visual Studio 2008 Service Pack 1 (KB973675)

 

The new security updates are for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices. All Visual Studio developers should install these new updates so that they can use Visual Studio to create components and controls that are not vulnerable to the reported issues.

For more information on this known issue, see Microsoft Knowledge Base Article 969706.

 

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx

 

Public Bulletin Webcast

 

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft August Security Bulletins (Level 200)

Date: Wednesday, August 12, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032407484 

New Security Bulletin Technical Details

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-036

Bulletin Title

Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)

Executive Summary

This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

 

The security update addresses the vulnerability by changing the way ASP.NET manages request scheduling.

Severity Ratings

This security update is rated Important for all affected versions of Microsoft Windows.

Affected Software

Microsoft .NET Framework on Windows Vista and Windows Server 2008.

Attack Vectors

Specially crafted anonymous HTTP requests.

Mitigating Factors

·        The vulnerable code in Microsoft .NET Framework is exposed only through IIS 7.0. For systems not running IIS 7.0, there are no known attack vectors for this vulnerability.

·        Systems running ASP.NET on IIS 7.0 in classic mode are not affected by this vulnerability.

Restart Requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal Information

For both Windows Vista and Windows Server 2008, WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-036.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-037

Bulletin Title

Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)

Executive Summary

This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious Web site. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 

The security update addresses the vulnerabilities by modifying the ATL headers so that components and controls built using the headers can safely initialize from a data stream, and by providing updated versions of Windows components and controls built using corrected ATL headers.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Attack Vectors

A maliciously crafted Web page.

Mitigating Factors

·        Users would have to be persuaded to visit a malicious Web site.

·        Exploitation only gains the same user rights as the logged-on account.

·        By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode.

·        By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone.

·        The majority of ActiveX controls are not included in the default allow-list in IE 7 or IE 8 running on Windows Vista or later operating systems.

·        DEP/NX memory protection is enabled in IE 8 on Windows XP SP3, Windows Vista SP1 and SP2, and Windows 7.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

MS05-013, MS07-047, and MS08-048

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-037.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-038

Bulletin Title

Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)

Executive Summary

This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

The security update addresses the vulnerabilities by correcting the manner in which AVI headers are processed and correcting the manner in which AVI data is validated.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Attack Vectors

·        Maliciously Crafted .AVI File

·        A maliciously crafted Web page

·        Maliciously Crafted E-mail Attachment

Mitigating Factors

·        Users would have to be persuaded to visit a malicious Web site or to open an e-mail attachment.

·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-038.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-039

Bulletin Title

Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

Executive Summary

This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service.

 

The security update addresses the vulnerabilities by correcting the manner in which the WINS service calculates buffer length and introducing proper data validations on received packets on the WINS server.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003.

Affected Software

Microsoft Windows 2000 and Windows Server 2003.

Attack Vectors

A specially crafted WINS replication packet.

Mitigating Factors

·        By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

·        CVE-2009-1924 only affects WINS running on Windows 2000 Server.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

Bulletins Replaced by This Update

MS09-008

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-039.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-040

Bulletin Title

Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

Executive Summary

This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service.

 

The security update addresses the vulnerability by modifying the way that the MSMQ service validates input data before passing the data to the allocated buffer.

Severity Ratings

This security update is rated Important for Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Professional x64 Edition Service Pack 2; all supported editions of Windows Server 2003; and Windows Vista and Windows Vista x64 Edition.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.

Attack Vectors

·        Maliciously Crafted Application

·        Maliciously Crafted Script

Mitigating Factors

·        By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually enable the Message Queuing component are likely to be vulnerable to this issue.

·        An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

MS07-065, MS08-065

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-040.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-041

Bulletin Title

Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

Executive Summary

This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.

 

The security update addresses the vulnerability by correcting the manner in which the Workstation service allocates and frees memory.

Severity Ratings

This security update is rated Important for all supported editions of Windows XP and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008.

Affected Software

Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Attack Vectors

·        Sending a specially crafted RPC packet

·        Maliciously Crafted Application

·        Maliciously Crafted Script

Mitigating Factors

·        An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows XP and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-041.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-042

Bulletin Title

Vulnerability in Telnet Could Allow Remote Code Execution (960859)

Executive Summary

This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems.

 

The security update addresses the vulnerability by modifying the way that the Telnet service validates authentication replies in order to prevent the relay of credentials.

Severity Ratings

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Attack Vectors

A credential reflection attack.

Mitigating Factors

·        Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the SMB port, which is the most likely target for credentials to be reflected back to, should be blocked from the Internet.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-043

Bulletin Title

Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

Executive Summary

This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page.

 

The security update addresses the vulnerabilities by correctly handling memory allocation when the ActiveX control is used in Internet Explorer, correcting validation logic for Office Web Components ActiveX control methods, and performing additional parameter validation.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2000 Web Components, Microsoft Office XP Web Components, Microsoft Office 2003 Web Components, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system, Microsoft Internet Security and Acceleration Server 2004 Standard Edition, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006, Microsoft BizTalk Server 2002, Microsoft Visual Studio .NET 2003, and Microsoft Office Small Business Accounting 2006.

Affected Software

Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2000 Web Components, Microsoft Office XP Web Components, Microsoft Office 2003 Web Components, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system, Microsoft Internet Security and Acceleration Server 2004 Standard Edition, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006, Microsoft BizTalk Server 2002, Microsoft Visual Studio .NET 2003, and Microsoft Office Small Business Accounting 2006.

Attack Vectors

A maliciously crafted Web page.

Mitigating Factors

·        Users would have to be persuaded to visit a malicious Web site.

·        An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone.

·        By default, IE on Windows Server 2003 and Windows Server 2008 runs in a restricted mode.

Restart Requirement

Restart requirements vary depending on which component is installed. Consult the bulletin for full details.

Removal Information

Removal steps vary depending on which component is installed. Consult the bulletin for full details.

Bulletins Replaced by This Update

MS08-017

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-043.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS09-044

Bulletin Title

Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

Executive Summary

This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability.

 

The security update addresses the vulnerabilities by changing the way the Remote Desktop Connection deals with unexpected parameters sent by the RDP server and by correctly validating parameters passed to the Remote Desktop Connection ActiveX control methods.

Severity Ratings

This security update is rated Important for default versions of RDP on affected editions of Windows Vista, Windows Vista for x64-based Systems, and Remote Desktop Connection Client for Mac 2.0 and is rated Critical for all default versions of RDP on all other affected Windows editions. This security update is rated Important for RDP Version 6.0 that administrators can manually install on Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2 and is rated Critical for all other versions of RDP that administrators can manually install on affected Windows editions.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.

Attack Vectors

·        A malicious RDP server

·        A maliciously crafted Web page

Mitigating Factors

·        RDP Servers are not affected by these vulnerabilities, only RDP clients are affected.

·        Users would have to be persuaded to visit a malicious Web site.

·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        Cannot be exploited automatically through e-mail. The malicious file could be sent as an e-mail attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

·        By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High.

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

·        Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

·        Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

 

 

Written by wesy

August 11, 2009 at 2:53 pm

Posted in Partner


Patch Tuesday – June 9


We released several security updates today. Six updates are listed as critical.  Please read the Security Bulletin Summary for June 2009 for more details.

  • MS09-018 – addresses a vulnerability in Microsoft Windows (KB 971055)
  • MS09-019 – addresses a vulnerability in Microsoft Internet Explorer (KB 969897)
  • MS09-020 – addresses a vulnerability in Microsoft Internet Information Services (KB 970483)
  • MS09-021 – addresses a vulnerability in Microsoft Office (KB 969462)
  • MS09-022 – addresses a vulnerability in Microsoft Windows (KB 961501)
  • MS09-023 – addresses a vulnerability in Microsoft Windows (KB 963093)
  • MS09-024 – addresses a vulnerability in Microsoft Office (KB 957632)
  • MS09-025 – addresses a vulnerability in Microsoft Windows (KB 968537)
  • MS09-026 – addresses a vulnerability in Microsoft Windows (KB 970238)
  • MS09-027 – addresses a vulnerability in Microsoft Office (KB 969514)

Written by wesy

June 9, 2009 at 11:15 am

Posted in Security


Security Updates for April 14, 2009


  • MS09-009 – addresses a vulnerability in Microsoft Office (KB 968557)
  • MS09-010 – addresses a vulnerability in Microsoft Windows and Microsoft Office (KB 960477)
  • MS09-011 – addresses a vulnerability in Microsoft Windows (KB 961373)
  • MS09-012 – addresses a vulnerability in Microsoft Windows (KB 959454)
  • MS09-013 – addresses a vulnerability in Microsoft Windows (KB 960803)
  • MS09-014 – addresses a vulnerability in Microsoft Internet Explorer (KB 963027)
  • MS09-015 – addresses a vulnerability in Microsoft Windows (KB 959426)
  • MS09-016 – addresses a vulnerability in Microsoft ISA Server (KB 961759)

Download Here


Written by wesy

April 15, 2009 at 8:51 am

Posted in Security


Automatic Update distribution of IE8


Around the third week of April, users still running IE6 or IE7 on WinXP, Vista, Win Server 2003 or 2008 will get a notification through Automatic Update about IE8. This will be a staged rollout over time to the entire user base.

  • On Windows XP and Win Server 2003, the update will be categorized as High Priority
  • On Vista and Win Server 2008, the update will be categorized as Important
  • IE will not automatically install on their machines. Users must opt-in.

Reference Links:

Prepare for Automatic Update Distribution of IE8

IE8 Blocker Toolkit Available Today!

Blocker Toolkit to disable automatic delivery

Written by wesy

April 14, 2009 at 11:37 am