Microsoft Security Bulletin Summary for August 2009

Microsoft Security Bulletin Summary for august 2009

Microsoft Security Bulletin Summary for august 2009
Published: august 11 2009

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx

Critical (5)

Microsoft Security Bulletin MS09-043 - Critical
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (95763
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx


Microsoft Security Bulletin MS09-044 - Critical
Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx

Microsoft Security Bulletin MS09-039 - Critical
Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-039.mspx

Microsoft Security Bulletin MS09-038 - Critical
Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-038.mspx

Microsoft Security Bulletin MS09-037 - Critical
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (97390
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx


Important (4 )

Microsoft Security Bulletin MS09-041 - Important
Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-041.mspx

Microsoft Security Bulletin MS09-040 - Important
Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-040.mspx

Microsoft Security Bulletin MS09-036 - Important
Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-036.mspx

Microsoft Security Bulletin MS09-042 - Important
Vulnerability in Telnet Could Allow Remote Code Execution (960859)
Published: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200)
Event ID: 1032407484

Language(s): English.
Product(s): Security.
Audience(s): IT Professional.


Duration: 90 Minutes
Start Date: Wednesday, August 12, 2009 11:00 AM Pacific Time (US & Canada)



Event Overview

On August 12, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the August security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Christopher Budd, Trustworthy Computing Senior Public Relations Manager, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Register now for the august security bulletin webcast.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: august 11, 2009

New Additions

We have added detection and cleaning capabilities for the following malicious software:

FakeRean
http://go.microsoft.com/fwlink/?LinkId=37020&Name=Trojan:Win32/FakeRean

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

Microsoft Security Advisory (973811)
Extended Protection for Authentication
Published: August 11, 2009

Version: 1.0

Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials.

Mitigating Factors:

• Internet Explorer will never send credentials automatically to servers hosted in the Internet zone. This reduces the risk that credentials can be forwarded by an attacker within this zone.

• Applications that use session signing and encryption (such as remote procedure call (RPC) with privacy and integrity, or server message block (SMB) with signing enabled) are not affected by credential forwarding.

http://www.microsoft.com/technet/security/advisory/973811.mspx

 

Microsoft Security Bulletin Minor Revisions - Aug. 12, 2009

Title: Microsoft Security Bulletin Minor Revisions
Issued: August 12, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-043 - Critical
* MS09-042 - Important
* MS09-039 - Critical
* MS09-037 - Critical
* MS09-035 - Moderate

Bulletin Information:

* MS09-043 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx

* MS09-042 - Important
http://www.microsoft.com/technet/security/bulletin/ms09-042.mspx

MS09-037 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx

* MS09-035 - Moderate
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

 

Microsoft Security Bulletin Major Revisions - Aug. 25, 2009

Title: Microsoft Security Bulletin Major Revisions
Issued: August 25, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-044 - Critical
* MS09-029 - Critical

Bulletin Information:

* MS09-044 - Critical

http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx

- Reason for Revision: V2.0 (August 25, 2009): Corrected the
download link for RDP Version 5.2 for Windows XP Service Pack
2 (KB958469). Also corrected the footnote that prescribed an
erroneous install sequence for KB958471 and KB958470.
Customers who have successfully installed these updates do
not need to reinstall.
- Originally posted: August 11, 2009
- Updated: August 25, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS09-029 - Critical

http://www.microsoft.com/technet/security/bulletin/ms09-029.mspx

- Reason for Revision: V3.0 (August 25, 2009): Added an entry to
the section, Frequently Asked Questions (FAQ) Related to This
Security Update to communicate the rerelease of the
Japanese-language update for Windows XP Service Pack 2,
Windows XP Service Pack 3, and Windows XP Professional x64
Edition Service Pack 2. Customers who require the
Japanese-language update need to install the rereleased
update. No other updates or locales are affected by this rerelease.
- Originally posted: July 14, 2009
- Updated: August 25, 2009
- Bulletin Severity Rating: Critical
- Version: 3.0

 

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
Published: July 28, 2009 | Updated: August 25, 2009

http://www.microsoft.com/technet/security/advisory/973882.mspx

Microsoft Security Advisory (967940)
Update for Windows Autorun
Published: February 24, 2009 | Updated: August 25, 2009

http://www.microsoft.com/technet/security/advisory/967940.mspx

 

Microsoft Security Bulletin MS09-014 - Critical
Cumulative Security Update for Internet Explorer (963027)
Published: April 14, 2009 | Updated: August 25, 2009

V1.3 (August 25, 2009): Corrected the SearchPath feature control key specified in the entry about CVE-2008-2540 in the section, Frequently Asked Questions (FAQ) Related to This Security Update.



http://www.microsoft.com/technet/security/bulletin/ms09-014.mspx