Microsoft Security Bulletin Summary for September 2009

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 8, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for september 2009

    Microsoft Security Bulletin Summary for september 2009
    Published: september 8 2009


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:


    http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx

    Critical (5)


    Microsoft Security Bulletin MS09-045
    Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
    http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx

    Microsoft Security Bulletin MS09-049
    Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
    http://www.microsoft.com/technet/security/bulletin/ms09-049.mspx

    Microsoft Security Bulletin MS09-047
    Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
    http://www.microsoft.com/technet/security/bulletin/ms09-047.mspx

    Microsoft Security Bulletin MS09-048
    Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
    http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx

    Microsoft Security Bulletin MS09-046
    Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
    http://www.microsoft.com/technet/security/bulletin/ms09-046.mspx


    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1 866 PCSafety 1 866 727 2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)
    Brief Description
    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

    Date Published: 9/8/2009
    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft September Security Bulletins (Level 200)
    Event ID: 1032407486

    Language(s): English.
    Product(s): Security.
    Audience(s): IT Generalist.


    Duration: 90 Minutes
    Start Date: Wednesday, September 09, 2009 11:00 AM Pacific Time (US & Canada)


    Event Overview

    On September 8, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the September security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Christopher Budd, Trustworthy Computing Senior Public Relations Manager, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation


    Register now for the september security bulletin webcast.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-035 - Moderate
    Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
    Published: July 28, 2009 | Updated: September 08, 2009


    Revisions
    • V1.0 (July 28, 2009): Bulletin published.


    • V1.1 (August 4, 2009): Added new entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that the Known issues with this security update section in the associated Microsoft Knowledge Base Article 969706 has been updated, and that the update detection logic for KB973923 and KB973924 has been revised to correct a package re-offering issue; and to clarify the difference between the Visual C++ Redistributable packages and the other Visual Studio updates.

    • V2.0 (August 11, 2009): Bulletin rereleased to offer new updates for Microsoft Visual Studio 2005 Service Pack 1 (KB973673), Microsoft Visual Studio 2008 (KB973674), and Microsoft Visual Studio 2008 Service Pack 1 (KB973675), for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices.

    • V2.1 (August 12, 2009): Updated the Affected Software table to list MS07-012 as replaced by the update for Microsoft Visual Studio .NET 2003 Service Pack 1; added a new entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to clarify why Microsoft Download Center update KB numbers for Visual C++ Redistributable packages differ from SMS, SCCM, WSUS and MU update KB numbers; corrected restart requirements throughout the bulletin; added Product Code Verification entries to the update deployment reference tables for Microsoft Visual Studio 2005 Service Pack 1, and Microsoft Visual Studio 2008 and Microsoft Visual Studio 2008 Service Pack 1; and performed miscellaneous edits.

    • V2.2 (August 19, 2009): Added a link to Microsoft Knowledge Base Article 974653 to provide instructions for using product codes to verify the installation of the updates for Microsoft Visual Studio 2005 Service Pack 1 and Microsoft Visual Studio 2008 and Microsoft Visual Studio 2008 Service Pack 1.

    • V2.3 (September 8, 2009): Added a new entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that Microsoft Knowledge Base Article 969706 has been revised to change the known issue KB974223 to KB974479, in order to offer a non-security update to fix the issue

    http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-048 - Critical
    Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
    Published: September 08, 2009 | Updated: September 09, 2009


    - Reason for Revision: V2.0 (September 9, 2009): Added Windows XP
    Service Pack 2, Windows XP Service Pack 3, and Windows XP
    Professional x64 Edition Service Pack 2 to the Affected
    Software table. Also added entries to the section, Frequently
    Asked Questions (FAQ) Related to This Security Update,
    explaining why Microsoft is not releasing updates for the
    affected Windows XP editions, and clarifying the scope of the
    updates for the denial of service vulnerabilities. There were
    no changes to the security updates offered in this bulletin.
    - Originally posted: September 8, 2009
    - Updated: September 9, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0
    http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (975497)

    Microsoft Security Advisory (975497)
    Vulnerabilities in SMB Could Allow Remote Code Execution
    Published: September 08, 2009 | Updated: September 17, 2009


    Revisions
    • V1.0 (September 8, 2009): Advisory published.

    • V1.1 (September 17, 2009): Clarified the FAQ, What is SMBv2? Added a link to Microsoft Knowledge Base Article 975497 to provide an automated Microsoft Fix it solution for the workaround, Disable SMB v2.


    http://www.microsoft.com/technet/security/advisory/975497.mspx
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS09-045 - Critical
    Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
    Published: September 08, 2009 | Updated: September 30, 2009

    Revisions
    • V1.0 (September 8, 2009): Bulletin published.

    • V1.1 (September 9, 2009): Corrected the update package file name for JScript 5.6 on all supported x64-based editions of Windows Server 2003.

    • V1.2 (September 30, 2009): Added information about known issues related to uninstalling the security update and verifying the registry key on Windows XP and Windows Server 2003.

    http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
     
Loading...
Thread Status:
Not open for further replies.