Tuesday, September 08, 2009

Microsoft Security Bulletins 08Sep09

Following is an overview of the five new security bulletins being released today, each identified as Critical and having a Vulnerability Impact identified as Remote Code Execution.

Note that MS09-048 and MS09-049 require a restart. The other updates may require a restart, depending upon what programs are open at the time of update. The best practice is to restart the computer after applying any updates.

At the MSRC Blog, Jerry Bryant has provided an outstanding explanation of the updates with slides illustrating the Severity and Exploitability Index as well as Deployment Priority, in which he advised:
". . . we give MS09-045 and MS09-047 the highest deployment priority mainly due to these being browse and own attack scenarios and a high exploitability index rating. Exploits for MS09-047 can also be created through specially crafted files such as ASF and MP3 audio files. These files could then be sent via email."

New Bulletins:

MS09-045
  • Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
  • Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
MS09-046
  • Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
  • Affected Software: Microsoft Windows 2000, Windows XP, and Windows Server 2003
MS09-047
  • Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
  • Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
MS09-048
  • Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
  • Affected Software: Microsoft Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008
MS09-049
  • Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
  • Affected Software: Microsoft Windows Vista and Windows Server 2008

Revised Security Bulletin:

Microsoft has revised Security Bulletin MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) - on September 08, 2009.



References:

MSRC: September 2009 Security Bulletin Release
TechNet: Microsoft security bulletin summary for September 2009




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
