Microsoft Security Bulletin Summary for January 2009

Microsoft Security Bulletin Summary for January 2009
Published: January 13, 2009

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx

Today Microsoft released the following Security Bulletin(s).
Microsoft Security Bulletin MS09-001 - Critical
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200)
Event ID: 1032395120

Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 90 Minutes
Start Date: Wednesday, January 14, 2009 11:00 AM Pacific Time (US & Canada)

Event Overview

On January, 14, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the January security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation and and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the January security bulletin webcast.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: January 13, 2009
New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Banload
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Banload

• Conficker
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Conficker


http://www.microsoft.com/security/malwareremove/default.mspx

 

Microsoft Security Bulletin MS08-076 – Important
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Published: December 9, 2008 | Updated: January 13, 2009

http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx

Why was this bulletin re-released on January 13, 2009?
Microsoft re-released this bulletin to offer new update packages for Windows Media Format Runtime 9.5 on Windows XP Service Pack 2 (KB952069) and on Windows XP Service Pack 3 (KB952069). The new update packages fix an installation issue that would result in an incomplete installation on Windows XP systems running Windows Media Format Runtime 9.5 where the customer installed KB944110, a separate update, before installing KB952069. Such customers are still vulnerable and need to download and install the re-released update packages. No other update packages are affected by this re-release. Customers running all other supported and affected versions of Windows Media Player, Windows Media Format Runtime, and Windows Media Services who have already successfully applied the original security update packages do not need to take any further action. The re-released security update packages are available through all of the same distribution channels as the original security update, including Automatic Updates, Windows Update, and Windows Server Update Services

 

Microsoft Security Bulletin Minor Revisions - Jan. 13, 2009

**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 13, 2009
**************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-066 - Important
* MS08-037 - Important

Bulletin Information:
=====================

* MS08-066 - Important

http://www.microsoft.com/technet/security/bulletin/ms08-066.mspx

- Reason for Revision: V1.1 (January 13, 2009): Added an entry to
the section, Frequently Asked Questions (FAQ) Related to this
Security Update, explaining this revision as a detection
change for this security update. The corrected detection
offers the security update to affected systems that
previously were not offered this security update. Customers
who have successfully updated their systems do not need to
reinstall this update.
- Originally posted: October 14, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-037 - Important

http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

- Reason for Revision: V2.3 (January 13, 2009): Added a new entry
to the Frequently Asked Questions (FAQ) Related to This
Security Update section to communicate the fix to a detection
and deployment issue with Windows XP Service Pack 3. There
were no changes to the binaries or packages for this update.
Customers who have successfully updated their systems do not
need to reinstall this update.
- Originally posted: July 8, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Important
- Version: 2.3

 

********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: January 13, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-076 - Important
* MS08-072 - Critical

Bulletin Information:
=====================

* MS08-076 - Important

http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx

- Reason for Revision: V3.0 (January 13, 2009): Added entry to the
Frequently Asked Questions (FAQ) Related to This Security
Update section explaining that Microsoft has re-released the
update packages for Windows Media Format Runtime 9.5 on
Windows XP Service Pack 2 (KB952069) and on Windows XP
Service Pack 3 (KB952069). Customers running all other
supported and affected versions of Windows Media components
who have already applied the original security update
packages do not need to take any further action. Also, listed
Windows Media Player 6.4 and Windows Media Services 4.1 as
affected on all editions of Microsoft Windows 2000 Service
Pack 4; customers who were offered but have not applied this
update, KB954600 for Windows Media Player 6.4, or KB952068
for Windows Media Services 4.1, need to do so.
- Originally posted: December 9, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Important
- Version: 3.0

* MS08-072 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx

- Reason for Revision: V2.0 (January 13, 2009): Added Microsoft
Office Word Viewer to Affected Software table. Also, added an
entry to the section, Frequently Asked Questions (FAQ)
Related to This Security Update, explaining Microsoft Office
Word Viewer. There were no changes to the security update
binaries or detection. Customers with Microsoft Office Word
Viewer who have successfully installed security update
KB956366 do not need to reinstall.
- Originally posted: December 9, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

 

********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: January 21, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS05-022

Bulletin Information:
=====================

* MS05-022 - Critical

http://www.microsoft.com/technet/security/bulletin/ms05-022.mspx

- Reason for Revision: V2.0 (January 21, 2009): Bulletin updated.
Replaced the download link for MSN Messenger 6.2 with the
bulletin link to MS07-054. Users may either use the specific
download link in MS07-054 to upgrade, or log on to MSN Messenger
service to accept the required upgrade.
- Originally posted: April 12, 2005
- Updated: January 21, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0


Microsoft Security Bulletin Minor Revisions - Jan. 21, 2009

**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 21, 2009
**************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-040 - Important
Bulletin Information:
=====================

* MS08-040 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

- Reason for Revision: V1.7 (January 21, 2009): Listed Microsoft
SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3a, a
component of Application Center 2000 Service Pack 2, as
non-affected software.
- Originally posted: July 8, 2008
- Updated: January 21, 2009
- Bulletin Severity Rating: Important
- Version: 1.7

 

The Microsoft Security Response Center (MSRC) : January 22, 2009: MS08-067 Conficker Worm Update:
http://blogs.technet.com/msrc/archive/2009/01/22/january-22-2009-ms08-067-conficker-worm-update.aspx

 

********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: January 28, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-074 - Critical

Bulletin Information:
=====================

* MS08-074 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx

- Reason for Revision: V2.0 (January 28, 2009): Added a footnote to
the Affected Software table and two entries to the section,
Frequently Asked Questions (FAQ) Related to this Security
Update, pertaining to security updates KB958437 and KB958439
for supported versions of Microsoft Office Excel 2007. There
were no changes to the security update binaries or detection.
Customers with Microsoft Office Excel 2007 or Microsoft
Office Excel 2007 Service Pack 1 who have already
successfully installed KB958437 and KB958439 do not need to reinstall.
- Originally posted: December 9, 2008
- Updated: January 28, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0