Microsoft Security Bulletin Summary for December 9, 2009

Microsoft Security Bulletin Summary for December 9, 2009

Microsoft Security Bulletin Summary for december 9, 2009
Published: November 10 2009

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx


Critical (3)

Microsoft Security Bulletin MS09-071 - Critical
Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (97431
Published: December 08, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-071.mspx

Microsoft Security Bulletin MS09-074 - Critical
Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
Published: December 08, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx

Microsoft Security Bulletin MS09-072 - Critical
Cumulative Security Update for Internet Explorer (976325)
Published: December 08, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx




Important (3)

Microsoft Security Bulletin MS09-069 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
Published: December 08, 2009
http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx

Microsoft Security Bulletin MS09-070 - Important
Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
Published: December 08, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-070.mspx

Microsoft Security Bulletin MS09-073 - Important
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Published: December 08, 2009
http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Date Published: 12/8/2009

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)
Event ID: 1032407802

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.

Duration: 90 Minutes
Start Date: Wednesday, December 09, 2009 11:00 AM Pacific Time (US & Canada)

Event Overview

On December 9, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the December security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Register now for the December security bulletin webcast.

 

Microsoft Security Bulletin MS08-037 – Important
Vulnerabilities in DNS Could Allow Spoofing (953230)
Published: July 08, 2008 | Updated: December 08, 2009


Revisions
• V1.0 (July 8, 200: Bulletin published.

• V2.0 (July 10, 200: Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did not change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

• V2.1 (July 23, 200: Affected Software table revised to add MS06-064, MS07-062, and MS08-001 as bulletins replaced by this update.

• V2.2 (July 25, 200: Added three new known issues entries to Frequently Asked Questions (FAQ) Related to This Security Update.

• V2.3 (January 13, 2009): Added a new entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate the fix to a detection and deployment issue with Windows XP Service Pack 3. There were no changes to the binaries or packages for this update. Customers who have successfully updated their systems do not need to reinstall this update.

• V3.0 (December 8, 2009): Updated to communicate the rerelease of the security update for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB95174. Also corrected the bulletin replacement information for this update. Customers who have previously installed this update need to reinstall the automatically reoffered update. No other updates are affected by this rerelease.

http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

 

New Security Advisories

Security Advisories Updated or Released Today

* Microsoft Security Advisory (977981)
- Title: Vulnerability in Internet Explorer Could
Allow Remote Code Execution
- Revision Note: V2.0 (December 8, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/977981.mspx

* Microsoft Security Advisory (974926)
- Title: Credential Relaying Attacks on Integrated
Windows Authentication
Revision Note: V1.0 (December 8, 2009): Advisory published.
http://www.microsoft.com/technet/security/advisory/974926.mspx

Microsoft Security Advisory (973811)
Extended Protection for Authentication
Published: August 11, 2009 | Updated: December 08, 2009
http://www.microsoft.com/technet/security/advisory/973811.mspx

* Microsoft Security Advisory (954157)
- Title: Security Enhancements for the Indeo Codec
- Revision Note: V1.0 (December 8, 2009): Advisory published.
http://www.microsoft.com/technet/security/advisory/954157.mspx

 

Microsoft Security Bulletin Minor Revisions - Dec. 9, 2009

Issued: December 9, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-073 - Important
* MS09-072 - Critical
* MS09-071 - Critical
* MS09-070 - Important
* MS09-058 - Important
* MS08-037 - Important

Bulletin Information:

Microsoft Security Bulletin MS09-073 - Important
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Published: December 08, 2009 | Updated: December 09, 2009
Revisions
• V1.0 (December 8, 2009): Bulletin published.

• V1.1 (December 9, 2009): Removed a redundant entry for the Microsoft Office Compatibility Pack from the non-affected software table. Also corrected several deployment reference tables to clarify that in some cases, this update does not require a restart. This is an informational change only.

http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx


Microsoft Security Bulletin MS09-072 - Critical
Cumulative Security Update for Internet Explorer (976325)
Published: December 08, 2009 | Updated: December 09, 2009
Revisions
• V1.0 (December 8, 2009): Bulletin published.

• V1.1 (December 9, 2009): Corrected a reference to Microsoft Knowledge Base Article 976749 in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Also corrected, in the Security Update Deployment section, the registry key for verification of the update for Internet Explorer 7 for all supported x64-based editions of Windows XP.

http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx


Microsoft Security Bulletin MS09-071 - Critical
Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (97431
Published: December 08, 2009 | Updated: December 09, 2009
Revisions
• V1.0 (December 8, 2009): Bulletin published.

• V1.1 (December 9, 2009): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision. This is an informational change only.

http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx


Microsoft Security Bulletin MS09-070 - Important
Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
Published: December 08, 2009 | Updated: December 09, 2009
Revisions
• V1.0 (December 8, 2009): Bulletin published.

• V1.1 (December 9, 2009): Corrected the SMS 2.0 and SMS 2003 with SUIT entries for Windows Server 2003 x64 Edition Service Pack 2 in the SMS table. This is an information change only.

http://www.microsoft.com/technet/security/bulletin/ms09-070.mspx


Microsoft Security Bulletin MS09-058 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
Published: October 13, 2009
Revisions
• V1.0 (October 13, 2009): Bulletin published.

http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx


Microsoft Security Bulletin MS08-037 – Important
Vulnerabilities in DNS Could Allow Spoofing (953230)
Published: July 08, 2008 | Updated: December 09, 2009
Revisions
• V1.0 (July 8, 200: Bulletin published.

• V2.0 (July 10, 200: Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did not change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

• V2.1 (July 23, 200: Affected Software table revised to add MS06-064, MS07-062, and MS08-001 as bulletins replaced by this update.

• V2.2 (July 25, 200: Added three new known issues entries to Frequently Asked Questions (FAQ) Related to This Security Update.

• V2.3 (January 13, 2009): Added a new entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate the fix to a detection and deployment issue with Windows XP Service Pack 3. There were no changes to the binaries or packages for this update. Customers who have successfully updated their systems do not need to reinstall this update.

• V3.0 (December 8, 2009): Updated to communicate the rerelease of the security update for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB95174. Also corrected the bulletin replacement information for this update. Customers who have previously installed this update need to reinstall the automatically reoffered update. No other updates are affected by this rerelease.

• V3.1 (December 9, 2009): Corrected the registry key verification and removal information in the reference table for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB95174. This is an informational change only.

http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx