Microsoft Security Bulletin Summary for October 13, 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Oct 13, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for October 13, 2009

    Microsoft Security Bulletin Summary for October 13, 2009
    Published: september 8 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:


    http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

    Critical (:cool:

    Microsoft Security Bulletin MS09-050 - Critical
    Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx


    Microsoft Security Bulletin MS09-051 - Critical
    Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx

    Microsoft Security Bulletin MS09-052 - Critical
    Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx

    Microsoft Security Bulletin MS09-054 - Critical
    Cumulative Security Update for Internet Explorer (974455)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

    Microsoft Security Bulletin MS09-055 - Critical
    Cumulative Security Update of ActiveX Kill Bits (973525)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

    Microsoft Security Bulletin MS09-060 - Critical
    Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

    Microsoft Security Bulletin MS09-061 - Critical
    Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (97437:cool:
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-061.mspx

    Microsoft Security Bulletin MS09-062 - Critical
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (95748:cool:
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx



    Important (5)


    Microsoft Security Bulletin MS09-053 - Important
    Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx

    Microsoft Security Bulletin MS09-056 - Important
    Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-056.mspx

    Microsoft Security Bulletin MS09-057 - Important
    Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx

    Microsoft Security Bulletin MS09-058 - Important
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx

    Microsoft Security Bulletin MS09-059 - Important
    Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
    Published: October 13, 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-059.mspx
    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)
    Event ID: 1032407488


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Generalist.


    Duration: 90 Minutes
    Start Date: Wednesday, October 14, 2009 11:00 AM Pacific Time (US & Canada)

    Event Overview


    On October 14, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the October security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Christopher Budd, Trustworthy Computing Senior Public Relations Manager, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation






    Register now for the october security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)
    Brief Description
    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

    Date Published: 10/13/2009

    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory Notification - Oct. 13, 2009

    Issued: October 13, 2009

    Security Advisories Updated or Released Today

    * Microsoft Security Advisory (975497)
    - Title: Vulnerabilities in SMB Could Allow Remote
    Code Execution
    Revision Note: V2.0 (October 13, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/975497.mspx



    * Microsoft Security Advisory (975191)
    - Title: Vulnerabilities in the FTP Service in
    Internet Information Service
    - Revision Note: V3.0 (October 13, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/975191.mspx


    Microsoft Security Advisory (973882)
    - Title: Vulnerabilities in Microsoft Active Template
    Library (ATL) Could Allow Remote Code Execution
    - Revision Note: V4.0 (October 13, 2009): Advisory revised to
    add an entry in the Updates related to ATL section to
    communicate the release of Microsoft Security Bulletin
    MS09-060, "Vulnerabilities in Microsoft Active Template
    http://www.microsoft.com/technet/security/advisory/973882.mspx
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revision - Oct. 13, 2009

    Issued: October 13, 2009

    Summary

    The following bulletin has undergone a minor revision increment.

    * MS09-024 - Critical

    Bulletin Information:

    * MS09-024 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx

    - Reason for Revision: V1.1 (October 13, 2009): Bulletin revised to
    announce the addition of language localizations to the update
    for Works 9. Customers who have already successfully applied
    the original update to Works 9 are not affected by this revision.
    - Originally posted: June 9, 2009
    - Updated: October 13, 2009
    - Bulletin Severity Rating: Critical
    - Version: 1.1
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory Notification - Oct. 14, 2009

    Issued: October 14, 2009

    Security Advisory Updated or Released Today

    * Microsoft Security Advisory (973811)
    - Title: Extended Protection for Authentication
    http://www.microsoft.com/technet/security/advisory/973811.mspx

    Revisions:

    • V1.0 (August 11, 2009): Advisory published.

    • V1.1 (October 14, 2009): Updated the FAQ with information about a non-security update included in MS09-054 relating to WinINET
    .
     
  9. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-054 - Critical
    Cumulative Security Update for Internet Explorer (974455)
    Published: October 13, 2009 | Updated: October 18, 2009

    Version: 1.1
    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 18, 2009): Revised the Executive Summary and added FAQ entries for CVE-2009-2529 to provide direction for Firefox users.


    http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
     
  10. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-053 - Important
    Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
    Published: October 13, 2009 | Updated: October 19, 2009

    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 19, 2009): Removed the acknowledgments section. Corrected the affected software and severity tables to reclassify Windows XP Professional x64 Edition Service Pack 2 as running IIS 6.0.


    http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx
     
  11. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-061 - Critical
    Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (97437:cool:
    Published: October 13, 2009 | Updated: October 21, 2009

    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 21, 2009): Corrected the deployment information for Microsoft .NET Framework on all supported releases of Microsoft Windows. This is an informational change only. Customers who have successfully installed this update do not need to reinstall.


    http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx


    Microsoft Security Bulletin MS09-060 - Critical
    Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
    Published: October 13, 2009 | Updated: October 21, 2009
    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 21, 2009): Added entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to describe the known issue update available from KB974554, KB974556, or KB974234.


    http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
     
  12. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-043 - Critical
    Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (95763:cool:
    Published: August 11, 2009 | Updated: October 27, 2009


    Revisions
    • V1.0 (August 11, 2009): Bulletin published.

    • V1.1 (August 12, 2009): Corrected the restart requirement for Visual Studio .NET 2003; updated the tables in the Detection and Deployment Tools and Guidance section; updated the impact description of the workaround, "Prevent Office Web Components Library from running in Internet Explorer;" corrected the update installation switches for Internet Security and Acceleration Server 2004 and Internet Security and Acceleration Server 2006; and performed miscellaneous edits.

    • V2.0 (October 27, 2009): Bulletin revised to communicate the rerelease of the update for Microsoft Office 2003 Service Pack 3 and Microsoft Office 2003 Web Components Service Pack 3 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

    http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
     
  13. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-062 - Critical
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (95748:cool:
    Published: October 13, 2009 | Updated: October 28, 2009

    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 14, 2009): Added Microsoft SQL Server 2005 Express Edition Service Pack 3 to the Non-Affected Software table, and updated the Developer Tools entries in the Detection and Deployment Tools and Guidance section.

    • V2.0 (October 28, 2009): Added Microsoft Office Visio Viewer 2007, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2 as affected software, and added SQL Server 2008 and SQL Server 2008 Service Pack 1 to the Non-Affected Software table. Also added notes to the Affected Software table for SQL Server 2005 customers with a Reporting Services SharePoint dependency; corrected the MBSA detection entries for Microsoft Report Viewer; and corrected the log file and registry key verification information for Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4.


    http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
     
  14. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-052 - Critical
    Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
    Published: October 13, 2009 | Updated: October 29, 2009

    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 29, 2009): Removed a workaround. Also added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to clarify why some customers without Windows Media Player 6.4 on their systems may be offered this update.

    http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
     
  15. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-054 - Critical
    Cumulative Security Update for Internet Explorer (974455)
    Published: October 13, 2009 | Updated: November 02, 2009


    Revisions
    • V1.0 (October 13, 2009): Bulletin published.

    • V1.1 (October 18, 2009): Revised the Executive Summary and added FAQ entries for CVE-2009-2529 to provide direction for Firefox users.

    • V1.2 (October 19, 2009): Added a link to Microsoft Knowledge Base Article 974455 under Known Issues in the Executive Summary.

    • V2.0 (November 2, 2009): Revised to announce the availability of a hotfix to address application compatibility issues. Customers who have already applied this update may install the hotfix from Microsoft Knowledge Base Article 976749. Also corrected the log file names, spuninst folder names, and registry key values for Microsoft Windows 2000.

    http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx
     
Loading...
Thread Status:
Not open for further replies.