Microsoft Security Bulletin Summary for December 9, 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Dec 8, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin Summary for December 9, 2009

    Microsoft Security Bulletin Summary for december 9, 2009
    Published: November 10 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:


    http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx


    Critical (3)

    Microsoft Security Bulletin MS09-071 - Critical
    Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (97431:cool:
    Published: December 08, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-071.mspx

    Microsoft Security Bulletin MS09-074 - Critical
    Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
    Published: December 08, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx

    Microsoft Security Bulletin MS09-072 - Critical
    Cumulative Security Update for Internet Explorer (976325)
    Published: December 08, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx




    Important (3)


    Microsoft Security Bulletin MS09-069 - Important
    Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
    Published: December 08, 2009
    http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx

    Microsoft Security Bulletin MS09-070 - Important
    Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
    Published: December 08, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-070.mspx

    Microsoft Security Bulletin MS09-073 - Important
    Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
    Published: December 08, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)
    Brief Description
    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

    Date Published: 12/8/2009

    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)
    Event ID: 1032407802


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Generalist.

    Duration: 90 Minutes
    Start Date: Wednesday, December 09, 2009 11:00 AM Pacific Time (US & Canada)

    Event Overview

    On December 9, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the December security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

    Register now for the December security bulletin webcast.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin MS08-037 – Important
    Vulnerabilities in DNS Could Allow Spoofing (953230)
    Published: July 08, 2008 | Updated: December 08, 2009



    Revisions
    • V1.0 (July 8, 200:cool:: Bulletin published.

    • V2.0 (July 10, 200:cool:: Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did not change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

    • V2.1 (July 23, 200:cool:: Affected Software table revised to add MS06-064, MS07-062, and MS08-001 as bulletins replaced by this update.

    • V2.2 (July 25, 200:cool:: Added three new known issues entries to Frequently Asked Questions (FAQ) Related to This Security Update.

    • V2.3 (January 13, 2009): Added a new entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate the fix to a detection and deployment issue with Windows XP Service Pack 3. There were no changes to the binaries or packages for this update. Customers who have successfully updated their systems do not need to reinstall this update.

    • V3.0 (December 8, 2009): Updated to communicate the rerelease of the security update for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB95174:cool:. Also corrected the bulletin replacement information for this update. Customers who have previously installed this update need to reinstall the automatically reoffered update. No other updates are affected by this rerelease.

    http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    New Security Advisories

    Security Advisories Updated or Released Today

    * Microsoft Security Advisory (977981)
    - Title: Vulnerability in Internet Explorer Could
    Allow Remote Code Execution
    - Revision Note: V2.0 (December 8, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/977981.mspx

    * Microsoft Security Advisory (974926)
    - Title: Credential Relaying Attacks on Integrated
    Windows Authentication
    Revision Note: V1.0 (December 8, 2009): Advisory published.
    http://www.microsoft.com/technet/security/advisory/974926.mspx

    Microsoft Security Advisory (973811)
    Extended Protection for Authentication
    Published: August 11, 2009 | Updated: December 08, 2009
    http://www.microsoft.com/technet/security/advisory/973811.mspx

    * Microsoft Security Advisory (954157)
    - Title: Security Enhancements for the Indeo Codec
    - Revision Note: V1.0 (December 8, 2009): Advisory published.
    http://www.microsoft.com/technet/security/advisory/954157.mspx
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - Dec. 9, 2009

    Issued: December 9, 2009

    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-073 - Important
    * MS09-072 - Critical
    * MS09-071 - Critical
    * MS09-070 - Important
    * MS09-058 - Important
    * MS08-037 - Important


    Bulletin Information:

    Microsoft Security Bulletin MS09-073 - Important
    Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
    Published: December 08, 2009 | Updated: December 09, 2009
    Revisions
    • V1.0 (December 8, 2009): Bulletin published.

    • V1.1 (December 9, 2009): Removed a redundant entry for the Microsoft Office Compatibility Pack from the non-affected software table. Also corrected several deployment reference tables to clarify that in some cases, this update does not require a restart. This is an informational change only.

    http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx


    Microsoft Security Bulletin MS09-072 - Critical
    Cumulative Security Update for Internet Explorer (976325)
    Published: December 08, 2009 | Updated: December 09, 2009
    Revisions
    • V1.0 (December 8, 2009): Bulletin published.

    • V1.1 (December 9, 2009): Corrected a reference to Microsoft Knowledge Base Article 976749 in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Also corrected, in the Security Update Deployment section, the registry key for verification of the update for Internet Explorer 7 for all supported x64-based editions of Windows XP.

    http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx


    Microsoft Security Bulletin MS09-071 - Critical
    Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (97431:cool:
    Published: December 08, 2009 | Updated: December 09, 2009
    Revisions
    • V1.0 (December 8, 2009): Bulletin published.

    • V1.1 (December 9, 2009): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision. This is an informational change only.

    http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx


    Microsoft Security Bulletin MS09-070 - Important
    Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
    Published: December 08, 2009 | Updated: December 09, 2009
    Revisions
    • V1.0 (December 8, 2009): Bulletin published.

    • V1.1 (December 9, 2009): Corrected the SMS 2.0 and SMS 2003 with SUIT entries for Windows Server 2003 x64 Edition Service Pack 2 in the SMS table. This is an information change only.

    http://www.microsoft.com/technet/security/bulletin/ms09-070.mspx


    Microsoft Security Bulletin MS09-058 - Important
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
    Published: October 13, 2009
    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx


    Microsoft Security Bulletin MS08-037 – Important
    Vulnerabilities in DNS Could Allow Spoofing (953230)
    Published: July 08, 2008 | Updated: December 09, 2009
    Revisions
    • V1.0 (July 8, 200:cool:: Bulletin published.

    • V2.0 (July 10, 200:cool:: Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did not change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

    • V2.1 (July 23, 200:cool:: Affected Software table revised to add MS06-064, MS07-062, and MS08-001 as bulletins replaced by this update.

    • V2.2 (July 25, 200:cool:: Added three new known issues entries to Frequently Asked Questions (FAQ) Related to This Security Update.

    • V2.3 (January 13, 2009): Added a new entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate the fix to a detection and deployment issue with Windows XP Service Pack 3. There were no changes to the binaries or packages for this update. Customers who have successfully updated their systems do not need to reinstall this update.

    • V3.0 (December 8, 2009): Updated to communicate the rerelease of the security update for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB95174:cool:. Also corrected the bulletin replacement information for this update. Customers who have previously installed this update need to reinstall the automatically reoffered update. No other updates are affected by this rerelease.

    • V3.1 (December 9, 2009): Corrected the registry key verification and removal information in the reference table for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB95174:cool:. This is an informational change only.

    http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
     
Loading...
Thread Status:
Not open for further replies.