Home > Microsoft Security > Microsoft Security Bulletin Summary For August 2009
Microsoft Security Bulletin Summary For August 2009
The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners. MS09-042 Vulnerability in Telnet Could Allow Remote Code Execution (960859) CVE-2009-1930 1 - Consistent exploit code likelyThis vulnerability is similar to previous NTLM credential reflection vulnerabilities for which exploit code already For more information on this installation option, see Server Core. Check This Out
Revisions V1.0 (November 10, 2009): Bulletin Summary published. Microsoft Server and Security Software Microsoft Forefront Bulletin Identifier MS09-016 Aggregate Severity Rating Important Microsoft Forefront Threat Management Gateway Microsoft Forefront Threat Management Gateway, Medium Business Edition*(KB968075)(Important) Internet Security and Acceleration In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Detection and Deployment Guidance Microsoft provides detection and deployment guidance for security updates. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. Security Advisories and Bulletins Security Bulletin Summaries 2012 2012 MS12-AUG MS12-AUG MS12-AUG MS12-DEC MS12-NOV MS12-OCT MS12-SEP MS12-AUG MS12-JUL MS12-JUN MS12-MAY MS12-APR MS12-MAR MS12-FEB MS12-JAN TOC Collapse the table of content Expand
Update Compatibility Evaluator and Application Compatibility Toolkit Updates often write to the same files and registry settings required for your applications to run. See the individual bulletins for details. IT Pro Security Community Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community. The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.
Microsoft hosted a webcast to address customer questions on the regularly scheduled bulletins on July 15, 2009, at 11:00 AM Pacific Time (US & Canada). V2.1 (September 1, 2010): Added note for MS10-056 to inform customers using Word 2007 that in addition to security update package KB2251419, they also need to install the security update package The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. https://technet.microsoft.com/en-us/library/security/ms09-nov.aspx Notes for MS09-062 These updates are identical. These updates are identical. These updates are identical.
See Microsoft Security Bulletin MS09-034. Important Remote Code ExecutionMay require restartMicrosoft Office MS10-058 Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) This security update resolves two privately reported vulnerabilities in Microsoft Windows. MS09-067 Excel Cache Memory Corruption Vulnerability CVE-2009-3127 2 - Inconsistent exploit code likely(None) MS09-067 Excel SxView Memory Corruption Vulnerability CVE-2009-3128 2 - Inconsistent exploit code likely(None) MS09-067 Excel Featheader Record Memory Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For details on affected software, see the next section, Affected Software and Download Locations. V3.1 (November 4, 2009): Removed erroneous references to the original release version of Microsoft Office Visio Viewer 2007 as affected software in MS09-060 and MS09-062. Non-Security, High-Priority Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services
Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. his comment is here The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. V3.0 (November 2, 2009): Revised to announce the availability of a hotfix for MS09-054 to address application compatibility issues. Consumers can visit Security At Home, where this information is also available by clicking "Latest Security Updates".
The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services. this contact form Security Advisories and Bulletins Security Bulletin Summaries 2009 2009 MS09-JAN MS09-JAN MS09-JAN MS09-DEC MS09-NOV MS09-OCT MS09-SEP MS09-AUG MS09-JUL MS09-JUN MS09-MAY MS09-APR MS09-MAR MS09-FEB MS09-JAN TOC Collapse the table of content Expand
The update for the Office 2003 Web Components for the 2007 Microsoft Office System component detects for SQL Server 2008 and Microsoft Forefront Threat Management Gateway Medium Business Edition and will Register now for the April Security Bulletin Webcast. For more information see the TechNet Update Management Center.
The most severe vulnerability could allow remote code execution.
Obtaining Other Security Updates Updates for other security issues are available from the following locations: Security updates are available from Microsoft Download Center. V4.2 (June 22, 2010): Removed .NET Framework 1.1 Service Pack 1 as an affected component on Windows 7 and Windows Server 2008 R2 for MS09-061. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. You should review each software program or component listed to see whether any security updates pertain to your installation.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. navigate here Customers in the U.S.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. This documentation is archived and is not being maintained. Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems. Security updates are also available at the Microsoft Download Center.
You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.