Microsoft Security Bulletin Summary for April 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Apr 14, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin Summary for April 2009

    Microsoft Security Bulletin Summary for April 2009
    Published: April 14, 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx

    Critical
    Microsoft Security Bulletin MS09-010 - Critical
    Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
    http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx


    Microsoft Security Bulletin MS09-013 - Critical
    Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
    http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx


    Microsoft Security Bulletin MS09-011 - Critical
    Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
    http://www.microsoft.com/technet/security/Bulletin/ms09-011.mspx


    Microsoft Security Bulletin MS09-014 - Critical
    Cumulative Security Update for Internet Explorer (963027)
    http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx


    Microsoft Security Bulletin MS09-009 - Critical
    Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
    http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx



    Important
    Microsoft Security Bulletin MS09-012 - Important
    Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
    http://www.microsoft.com/technet/security/Bulletin/ms09-012.mspx


    Microsoft Security Bulletin MS09-016 - Important
    Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
    http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx


    Moderate

    Microsoft Security Bulletin MS09-015 – Moderate
    Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
    http://www.microsoft.com/technet/security/Bulletin/MS09-015.mspx



    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200)
    Event ID: 1032395126


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Professional.

    Duration: 90 Minutes
    Start Date: Wednesday, April 15, 2009 11:00 AM Pacific Time (US & Canada)

    Event Overview

    On April, 15, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the April bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation and Christopher Budd, Security Response Communications Lead, Microsoft Corporation

    Register now for the April security bulletin webcast.


    Security Bulletin Overview Video – April 2009

    http://blogs.technet.com/msrc/archive/2009/04/14/security-bulletin-overview-video-april-2009.aspx
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Advisory Notification - April 14, 2009

    ********************************************************************
    Title: Microsoft Security Advisory Notification
    Issued: April 14, 2009
    ********************************************************************

    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (968272)
    - Title: Vulnerability in Microsoft Office Excel
    Could Allow Remote Code Execution
    - Revision Note: V3.0 (April 14, 2009) Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/968272.mspx

    * Microsoft Security Advisory (960906)
    - Title: Vulnerability in WordPad Text Converter
    Could Allow Remote Code Execution
    - Revision Note: V2.0 (April 14, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/960906.mspx

    * Microsoft Security Advisory (95381:cool:
    - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
    - Revision Note: V2.0 (April 14, 2009): Added references and
    links to MS09-014 and MS09-015, which address the issue in
    this advisory.
    http://www.microsoft.com/technet/security/advisory/953818.mspx

    * Microsoft Security Advisory (951306)
    - Title: Vulnerability in Windows Could Allow
    Elevation of Privilege Revision Note: V3.0 (April 14, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/951306.mspx
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 14th, 2009.
    This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 14th, 2009. April 2009 Security and Critical Releases ISO Image does not contain security updates for any other Microsoft products.

    This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time

    http://www.microsoft.com/downloads/...fd-001a-4f03-bfa8-08042138dd8e&displaylang=en
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    *Microsoft Security Bulletin Minor Revisions - Apr. 29, 2009


    MS09-012 - Important

    http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx

    - Reason for Revision: V2.0 (April 29, 2009): Added an entry to the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update to communicate the rerelease of the
    Norwegian-language update for Microsoft Windows 2000 Service
    Pack 4 (KB952004). Customers who require the
    Norwegian-language update need to download and install the
    rereleased update. No other updates or locales are affected
    by this rerelease.
    - Originally posted: April 14, 2009
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Important
    - Version: 2.0

    * MS08-076 - Important

    http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
    - Reason for Revision: V4.0 (April 29, 2009): Added Windows Media
    Services 2008 (KB95206:cool: on 32-bit and x64-based editions of
    Windows Server 2008 Service Pack 2 as affected software.
    Also, added Windows Server 2008 for Itanium-based Systems
    Service Pack 2 as non-affected software. This is a detection
    change only; there were no changes to the binaries. Customers
    who have already successfully installed KB952068 do not need
    to reinstall.
    - Originally posted: December 9, 2008
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Important
    - Version: 4.0

    * MS08-069 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
    - Reason for Revision: V2.0 (April 29, 2009): Added Microsoft XML
    Core Services 4.0 (KB954430) on 32-bit and x64-based editions
    of Windows Vista Service Pack 2 and on 32-bit, x64-based, and
    Itanium-based editions of Windows Server 2008 Service Pack 2
    as affected software. Also added as non-affected software:
    Microsoft XML Core Services 3.0 and Microsoft XML Core
    Services 6.0 on 32-bit and x64-based editions of Windows
    Vista Service Pack 2 and on 32-bit, x64-based, and
    Itanium-based editions of Windows Server 2008 Service Pack 2.
    This is a detection change only; there were no changes to the
    binaries. Customers who have already successfully installed
    KB954430 do not need to reinstall.
    - Originally posted: November 11, 2008
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    MS09-013 - Critical

    Bulletin Information:

    * MS09-013 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-013.mspx
    - Reason for Revision: V1.1 (April 29, 2009): Added entry to the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update, to communicate that the Known issues with
    this security update section in the associated Microsoft
    Knowledge Base Article 960803 has been updated. This is an
    informational change only.
    - Originally posted: April 14, 2009
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Critical
    - Version: 1.1
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Advisory Notification - Apr. 29, 2009

    Title: Microsoft Security Advisory Notification
    Issued: April 29, 2009

    Security Advisories Updated or Released Today

    * Microsoft Security Advisory (960715)
    - Title: Update Rollup for ActiveX Kill Bits

    http://www.microsoft.com/technet/security/advisory/960715.mspx
    - Revision Note: V1.1 (April 29, 2009): Added an entry to
    Frequently Asked Questions to communicate that users with
    Windows Server 2008 Server Core installation do not need to
    install this update.
     
Loading...
Thread Status:
Not open for further replies.