Microsoft Security Bulletin Summary for June 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Jun 9, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for june 2009

    Microsoft Security Bulletin Summary for june 2009
    Published: june 9 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx

    Critical (6)

    Microsoft Security Bulletin MS09-018
    Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
    http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx

    Microsoft Security Bulletin MS09-022
    Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
    http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx

    Microsoft Security Bulletin MS09-019
    Cumulative Security Update for Internet Explorer (969897)
    http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx

    Microsoft Security Bulletin MS09-027
    Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
    http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx

    Microsoft Security Bulletin MS09-021
    Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
    http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx

    Microsoft Security Bulletin MS09-024
    Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
    http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx

    Important (3)

    Microsoft Security Bulletin MS09-026
    Vulnerability in RPC Could Allow Elevation of Privilege (97023:cool:
    http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx

    Microsoft Security Bulletin MS09-025
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
    http://www.microsoft.com/technet/security/bulletin/ms09-025.mspx

    Microsoft Security Bulletin MS09-020
    Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
    http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx

    Moderate (1)

    Microsoft Security Bulletin MS09-023
    Vulnerability in Windows Search Could Allow Information Disclosure (963093)
    http://www.microsoft.com/technet/security/bulletin/ms09-023.mspx

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft June Security Bulletins (Level 200)
    Event ID: 1032395225


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Professional.

    Duration: 90 Minutes
    Start Date: Wednesday, June 10, 2009 11:00 AM Pacific Time (US & Canada)

    Event Overview

    On June, 10, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the June bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation and Christopher Budd, Security Response Communications Lead, Microsoft Corporation

    Register now for the june security bulletin webcast.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (97188:cool:
    Update for DNS Devolution
    Published: June 9, 2009

    Version: 1.0


    Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.

    Mitigating Factors:

    • Customers who are joined to a domain and have a DNS suffix search list configured on their system are not at risk of inadvertently treating external systems as though they were internal. Microsoft encourages all enterprise customers to set DNS suffix search lists on client systems in order to ensure all DNS queries stay within organizational boundaries.

    • In most cases, home users who are not members of a domain do not use DNS devolution and therefore are not exposed to this risk. Home users who are not members of a domain but have configured a primary DNS suffix, however, do use DNS devolution and are at risk of inadvertently treating external systems as though they were internal.

    • Customers whose DNS domain name consists of two labels are not exposed to this risk. An example of a customer who is not affected is contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are customer registered domain names under their respective ".com" and ".gov" top-level domains (TLDs).

    http://www.microsoft.com/technet/security/advisory/971888.mspx
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory Notifications - June 9, 2009

    Issued: June 9, 2009

    Security Advisories Updated or Released Today

    * Microsoft Security Advisory (97188:cool:
    - Title: Update for DNS Devolution
    http://www.microsoft.com/technet/security/advisory/971888.mspx

    * Microsoft Security Advisory (971492)
    - Title: Vulnerability in Internet Information
    Services Could Allow Elevation of Privilege
    http://www.microsoft.com/technet/security/advisory/971492.mspx

    * Microsoft Security Advisory (96989:cool:
    - Title: Update Rollup for ActiveX Kill Bits
    http://www.microsoft.com/technet/security/advisory/969898.mspx

    * Microsoft Security Advisory (945713)
    - Title: Vulnerability in Web Proxy Auto-Discovery
    (WPAD) Could Allow Information Disclosure
    http://www.microsoft.com/technet/security/advisory/945713.mspx
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Major Revisions - July 1, 2009

    Title: Microsoft Security Bulletin Major Revisions
    Issued: July 1, 2009

    Summary


    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS03-011
    * MS02-069
    * MS02-052
    * MS02-013
    * MS00-081
    * MS00-075
    * MS00-059
    * MS00-011
    * MS99-045
    * MS99-031

    Bulletin Information:

    * MS03-011

    http://www.microsoft.com/technet/security/bulletin/ms03-011.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS02-069


    http://www.microsoft.com/technet/security/bulletin/ms02-069.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS02-052


    http://www.microsoft.com/technet/security/bulletin/ms02-052.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS02-013


    http://www.microsoft.com/technet/security/bulletin/ms02-013.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 3.0

    * (MS00-081)


    http://www.microsoft.com/technet/security/bulletin/ms00-081.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 2.0

    * (MS00-075)


    http://www.microsoft.com/technet/security/bulletin/ms00-075.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 2.0

    * (MS00-059)

    http://www.microsoft.com/technet/security/bulletin/ms00-059.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 2.0

    * (MS00-011)

    http://www.microsoft.com/technet/security/bulletin/ms00-011.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch Availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 3.0

    * (MS99-045)

    http://www.microsoft.com/technet/security/bulletin/ms99-045.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch Availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 3.0

    * (MS99-031

    http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx- Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see New Version Availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 3.0
     
Loading...
Thread Status:
Not open for further replies.