Microsoft Security Bulletin Summary for March 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Mar 10, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin Summary for March 2009

    Microsoft Security Bulletin Summary for March 2009
    Published: March 10, 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms09-mar.mspx

    Critical
    Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)

    This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.
    http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx

    Important

    Vulnerability in SChannel Could Allow Spoofing (960225)
    This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.
    http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx


    Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238

    This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
    http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Security Bulletin Overview Video - March 2009


    This month we are adding another new video feature. In addition to the entire security bulletin webcast recordings being posted for you to playback (available later this week), we are also providing a short, five to ten minute overview of the bulletins we have released. These clips will focus on the severity of the issue and the exploitability index ratings we have assigned them in order to help you get a quick understanding of the impact to your environment.

    For the March 2009 security bulletin release, MSRC director Mike Reavey joined me to cover this overview:

    TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200)
    Event ID: 1032395124


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Professional.

    Duration: 90 Minutes
    Start Date: Wednesday, March 11, 2009 11:00 AM Pacific Time (US & Canada)


    Event Overview

    On March, 11, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the March bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation and Mike Reavey, Director, MSRC, Microsoft Corporation

    Register now for the March security bulletin webcast.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Title: Microsoft Security Bulletin Major Revisions
    Issued: March 10, 2009
    ********************************************************************


    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-052 - Critical

    Bulletin Information:
    =====================

    * MS08-052 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
    - Reason for Revision: V4.0 (March 10, 2009): Added entry in the
    Frequently Asked Questions (FAQ) Related to this Security
    Update section to communicate the rerelease of the update
    packages for Windows XP Service Pack 3 and Windows Server
    2003 Service Pack 2 to fix an installation issue. Customers
    who have already successfully installed the original updates
    for Windows XP Service Pack 3 or Windows Server 2003 Service
    Pack 2 do not need to reinstall the new updates.
    - Originally posted: September 9, 2008
    - Updated: March 10, 2009
    - Bulletin Severity Rating: Critical
    - Version: 4.0
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - Mar. 11, 2009

    **************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: March 11, 2009
    **************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-008 - Important

    Bulletin Information:
    =====================

    * MS09-008 - Important

    http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx

    - Reason for Revision: V1.1 (March 11, 2009): Clarified that
    CVE-2009-0093 does not apply to supported editions of Windows
    Server 2008. Added a link to Microsoft Knowledge Base Article
    962238 under Known Issues in the Executive Summary. Clarified
    what systems are primarily at risk for CVE-2009-2033.
    Finally, updated a finder acknowledgment for CVE-2009-0233
    and CVE-2009-0234.
    - Originally posted: March 10, 2009
    - Updated: March 11, 2009
    - Bulletin Severity Rating: Important
    - Version: 1.1
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Advisory Notification - March 11, 2009

    ***********************************************
    Title: Microsoft Security Advisory Notification
    Issued: March 11, 2009
    ***********************************************

    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (953839)
    - Title: Update Rollup for ActiveX Kill Bits

    http://www.microsoft.com/technet/security/advisory/953839.mspx
    - Revision Note: March 11, 2009: Added an entry to Frequently
    Asked Questions to communicate that for the purpose of
    automatic updating, this update does not replace the
    Cumulative Security Update of ActiveX Kill Bits (950760) that
    is described in Microsoft Security Bulletin MS08-032.
     
Loading...
Thread Status:
Not open for further replies.