Microsoft Security Bulletin Summary for August 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Aug 11, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for august 2009

    Microsoft Security Bulletin Summary for august 2009
    Published: august 11 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:


    http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx

    Critical (5)

    Microsoft Security Bulletin MS09-043 - Critical
    Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (95763:cool:
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx


    Microsoft Security Bulletin MS09-044 - Critical
    Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx

    Microsoft Security Bulletin MS09-039 - Critical
    Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-039.mspx

    Microsoft Security Bulletin MS09-038 - Critical
    Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-038.mspx

    Microsoft Security Bulletin MS09-037 - Critical
    Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (97390:cool:
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx


    Important (4 )

    Microsoft Security Bulletin MS09-041 - Important
    Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-041.mspx

    Microsoft Security Bulletin MS09-040 - Important
    Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-040.mspx

    Microsoft Security Bulletin MS09-036 - Important
    Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-036.mspx

    Microsoft Security Bulletin MS09-042 - Important
    Vulnerability in Telnet Could Allow Remote Code Execution (960859)
    Published: August 11, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     

    Attached Files:

  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200)
    Event ID: 1032407484

    Language(s): English.
    Product(s): Security.
    Audience(s): IT Professional.


    Duration: 90 Minutes
    Start Date: Wednesday, August 12, 2009 11:00 AM Pacific Time (US & Canada)




    Event Overview

    On August 12, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the August security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Christopher Budd, Trustworthy Computing Senior Public Relations Manager, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

    Register now for the august security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (973811)
    Extended Protection for Authentication
    Published: August 11, 2009

    Version: 1.0


    Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

    The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials.

    Mitigating Factors:

    • Internet Explorer will never send credentials automatically to servers hosted in the Internet zone. This reduces the risk that credentials can be forwarded by an attacker within this zone.

    • Applications that use session signing and encryption (such as remote procedure call (RPC) with privacy and integrity, or server message block (SMB) with signing enabled) are not affected by credential forwarding.

    http://www.microsoft.com/technet/security/advisory/973811.mspx
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - Aug. 12, 2009

    Title: Microsoft Security Bulletin Minor Revisions
    Issued: August 12, 2009


    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-043 - Critical
    * MS09-042 - Important
    * MS09-039 - Critical
    * MS09-037 - Critical
    * MS09-035 - Moderate

    Bulletin Information:

    * MS09-043 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx

    * MS09-042 - Important

    http://www.microsoft.com/technet/security/bulletin/ms09-042.mspx

    MS09-037 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx

    * MS09-035 - Moderate
    http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Major Revisions - Aug. 25, 2009

    Title: Microsoft Security Bulletin Major Revisions
    Issued: August 25, 2009

    Summary

    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-044 - Critical
    * MS09-029 - Critical

    Bulletin Information:

    * MS09-044 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx

    - Reason for Revision: V2.0 (August 25, 2009): Corrected the
    download link for RDP Version 5.2 for Windows XP Service Pack
    2 (KB958469). Also corrected the footnote that prescribed an
    erroneous install sequence for KB958471 and KB958470.
    Customers who have successfully installed these updates do
    not need to reinstall.
    - Originally posted: August 11, 2009
    - Updated: August 25, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS09-029 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-029.mspx

    - Reason for Revision: V3.0 (August 25, 2009): Added an entry to
    the section, Frequently Asked Questions (FAQ) Related to This
    Security Update to communicate the rerelease of the
    Japanese-language update for Windows XP Service Pack 2,
    Windows XP Service Pack 3, and Windows XP Professional x64
    Edition Service Pack 2. Customers who require the
    Japanese-language update need to install the rereleased
    update. No other updates or locales are affected by this rerelease.
    - Originally posted: July 14, 2009
    - Updated: August 25, 2009
    - Bulletin Severity Rating: Critical
    - Version: 3.0
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-014 - Critical
    Cumulative Security Update for Internet Explorer (963027)
    Published: April 14, 2009 | Updated: August 25, 2009

    V1.3 (August 25, 2009): Corrected the SearchPath feature control key specified in the entry about CVE-2008-2540 in the section, Frequently Asked Questions (FAQ) Related to This Security Update.



    http://www.microsoft.com/technet/security/bulletin/ms09-014.mspx
     
Loading...
Thread Status:
Not open for further replies.