Microsoft Security Bulletin Summary for October 13, 2009

Microsoft Security Bulletin Summary for October 13, 2009

Microsoft Security Bulletin Summary for October 13, 2009
Published: september 8 2009

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

Critical (

Microsoft Security Bulletin MS09-050 - Critical
Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx


Microsoft Security Bulletin MS09-051 - Critical
Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx

Microsoft Security Bulletin MS09-052 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx

Microsoft Security Bulletin MS09-054 - Critical
Cumulative Security Update for Internet Explorer (974455)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

Microsoft Security Bulletin MS09-055 - Critical
Cumulative Security Update of ActiveX Kill Bits (973525)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

Microsoft Security Bulletin MS09-060 - Critical
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

Microsoft Security Bulletin MS09-061 - Critical
Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (97437
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-061.mspx

Microsoft Security Bulletin MS09-062 - Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (95748
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx



Important (5)

Microsoft Security Bulletin MS09-053 - Important
Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx

Microsoft Security Bulletin MS09-056 - Important
Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-056.mspx

Microsoft Security Bulletin MS09-057 - Important
Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx

Microsoft Security Bulletin MS09-058 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx

Microsoft Security Bulletin MS09-059 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
Published: October 13, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-059.mspx
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)
Event ID: 1032407488

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.


Duration: 90 Minutes
Start Date: Wednesday, October 14, 2009 11:00 AM Pacific Time (US & Canada)

Event Overview

On October 14, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the October security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Christopher Budd, Trustworthy Computing Senior Public Relations Manager, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation






Register now for the october security bulletin webcast.

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Date Published: 10/13/2009

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

October 2009 Security Release ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on October 13th, 2009.

http://www.microsoft.com/downloads/...86-b552-43ba-8d40-4b579d592729&displaylang=en

 

Microsoft Security Bulletin Major Revision - Oct. 13, 2009

Issued: October 13, 2009

Summary

The following bulletin has undergone a major revision increment.

* MS08-069 - Critical

Bulletin Information:

* MS08-069 - Critical

http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx

 

Microsoft Security Advisory Notification - Oct. 13, 2009

Issued: October 13, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (975497)
- Title: Vulnerabilities in SMB Could Allow Remote
Code Execution
Revision Note: V2.0 (October 13, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/975497.mspx



* Microsoft Security Advisory (975191)
- Title: Vulnerabilities in the FTP Service in
Internet Information Service
- Revision Note: V3.0 (October 13, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/975191.mspx


Microsoft Security Advisory (973882)
- Title: Vulnerabilities in Microsoft Active Template
Library (ATL) Could Allow Remote Code Execution
- Revision Note: V4.0 (October 13, 2009): Advisory revised to
add an entry in the Updates related to ATL section to
communicate the release of Microsoft Security Bulletin
MS09-060, "Vulnerabilities in Microsoft Active Template
http://www.microsoft.com/technet/security/advisory/973882.mspx

 

Microsoft Security Bulletin Minor Revision - Oct. 13, 2009

Issued: October 13, 2009

Summary

The following bulletin has undergone a minor revision increment.

* MS09-024 - Critical

Bulletin Information:

* MS09-024 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx

- Reason for Revision: V1.1 (October 13, 2009): Bulletin revised to
announce the addition of language localizations to the update
for Works 9. Customers who have already successfully applied
the original update to Works 9 are not affected by this revision.
- Originally posted: June 9, 2009
- Updated: October 13, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

 

Microsoft Security Advisory Notification - Oct. 14, 2009

Issued: October 14, 2009

Security Advisory Updated or Released Today

* Microsoft Security Advisory (973811)
- Title: Extended Protection for Authentication
http://www.microsoft.com/technet/security/advisory/973811.mspx

Revisions:

• V1.0 (August 11, 2009): Advisory published.

• V1.1 (October 14, 2009): Updated the FAQ with information about a non-security update included in MS09-054 relating to WinINET.

 

Microsoft Security Bulletin MS09-054 - Critical
Cumulative Security Update for Internet Explorer (974455)
Published: October 13, 2009 | Updated: October 18, 2009

Version: 1.1
Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 18, 2009): Revised the Executive Summary and added FAQ entries for CVE-2009-2529 to provide direction for Firefox users.

http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

 

Microsoft Security Bulletin MS09-053 - Important
Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Published: October 13, 2009 | Updated: October 19, 2009

Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 19, 2009): Removed the acknowledgments section. Corrected the affected software and severity tables to reclassify Windows XP Professional x64 Edition Service Pack 2 as running IIS 6.0.


http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx

 

Microsoft Security Bulletin MS09-061 - Critical
Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (97437
Published: October 13, 2009 | Updated: October 21, 2009

Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 21, 2009): Corrected the deployment information for Microsoft .NET Framework on all supported releases of Microsoft Windows. This is an informational change only. Customers who have successfully installed this update do not need to reinstall.


http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx


Microsoft Security Bulletin MS09-060 - Critical
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Published: October 13, 2009 | Updated: October 21, 2009
Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 21, 2009): Added entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to describe the known issue update available from KB974554, KB974556, or KB974234.

http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

 

Microsoft Security Bulletin MS09-043 - Critical
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (95763
Published: August 11, 2009 | Updated: October 27, 2009

Revisions
• V1.0 (August 11, 2009): Bulletin published.

• V1.1 (August 12, 2009): Corrected the restart requirement for Visual Studio .NET 2003; updated the tables in the Detection and Deployment Tools and Guidance section; updated the impact description of the workaround, "Prevent Office Web Components Library from running in Internet Explorer;" corrected the update installation switches for Internet Security and Acceleration Server 2004 and Internet Security and Acceleration Server 2006; and performed miscellaneous edits.

• V2.0 (October 27, 2009): Bulletin revised to communicate the rerelease of the update for Microsoft Office 2003 Service Pack 3 and Microsoft Office 2003 Web Components Service Pack 3 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx

 

Microsoft Security Bulletin MS09-062 - Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (95748
Published: October 13, 2009 | Updated: October 28, 2009

Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 14, 2009): Added Microsoft SQL Server 2005 Express Edition Service Pack 3 to the Non-Affected Software table, and updated the Developer Tools entries in the Detection and Deployment Tools and Guidance section.

• V2.0 (October 28, 2009): Added Microsoft Office Visio Viewer 2007, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2 as affected software, and added SQL Server 2008 and SQL Server 2008 Service Pack 1 to the Non-Affected Software table. Also added notes to the Affected Software table for SQL Server 2005 customers with a Reporting Services SharePoint dependency; corrected the MBSA detection entries for Microsoft Report Viewer; and corrected the log file and registry key verification information for Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4.

http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx

 

Microsoft Security Bulletin MS09-052 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
Published: October 13, 2009 | Updated: October 29, 2009

Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 29, 2009): Removed a workaround. Also added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to clarify why some customers without Windows Media Player 6.4 on their systems may be offered this update.

http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx

 

Microsoft Security Bulletin MS09-054 - Critical
Cumulative Security Update for Internet Explorer (974455)
Published: October 13, 2009 | Updated: November 02, 2009

Revisions
• V1.0 (October 13, 2009): Bulletin published.

• V1.1 (October 18, 2009): Revised the Executive Summary and added FAQ entries for CVE-2009-2529 to provide direction for Firefox users.

• V1.2 (October 19, 2009): Added a link to Microsoft Knowledge Base Article 974455 under Known Issues in the Executive Summary.

• V2.0 (November 2, 2009): Revised to announce the availability of a hotfix to address application compatibility issues. Customers who have already applied this update may install the hotfix from Microsoft Knowledge Base Article 976749. Also corrected the log file names, spuninst folder names, and registry key values for Microsoft Windows 2000.

http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx