Home > Microsoft Security > Microsoft Security Bulletin November 2009

Microsoft Security Bulletin November 2009

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS09-065 Win32k NULL Pointer Dereferencing Vulnerability CVE-2009-1127 2 - Inconsistent exploit code likely(None) MS09-065 Win32k Insufficient Data Validation Vulnerability CVE-2009-2513 1 - Consistent exploit code likely(None) MS09-065 Win32k EOT Parsing Vulnerability The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. For more information on this installation option, see Server Core. check over here

For details on affected software, see the next section, Affected Software and Download Locations. In order to be protected from the vulnerabilities described in MS09-003, customers running the Microsoft Exchange Server MAPI Client must update to version 6.5.8069 of the MAPI Client.  Microsoft SQL Server Maximum Severity Rating Important Impact of Vulnerability Remote Code Execution Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems. https://technet.microsoft.com/en-us/library/security/ms09-nov.aspx

MS09-013 Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) CVE-2009-0086 1 - Consistent exploit code likelyThis is an easily controllable memory vulnerability with multiple attack vectors and opportunities Security updates are also available at the Microsoft Download Center. MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) CVE-2009-0088 1 - Consistent exploit code likelyThis vulnerability is exploitable but only affects older versions and an

Detection and Deployment Guidance Microsoft provides detection and deployment guidance for security updates. Non-Security, High-Priority Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options. Microsoft Security Bulletin Summary for January 2009 Published: January 13, 2009 Version: 1.0 This bulletin summary lists security bulletins released for January 2009.

Note As of August 1, 2009, Microsoft discontinued support for Office Update and the Office Update Inventory Tool. For more information on this installation option, see Server Core. For more information about the Microsoft Update Catalog, see the Microsoft Update Catalog FAQ. https://technet.microsoft.com/en-us/library/security/ms09-jan.aspx See also other software categories under this section, Affected Software and Download Locations, for more update files under the same bulletin identifier.

Microsoft ISA Server 2004 Standard Edition is also delivered as a component of Windows Small Business Server 2003 Enterprise Edition Service Pack 1 and Windows Small Business Server 2003 R2 Enterprise Disclaimer The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD: To perform a selective vulnerability scan, configure a scan profile to use the following options: Ensure access to TCP ports 135 and 139 are available. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Active Directory Denial of Service Vulnerability Severity: Critical 4 Qualys ID: 90568 Vendor Reference: MS09-066 CVE Reference: CVE-2009-1928 CVSS Scores: Base 7.1, Temporal 5.3 Threat: Active Directory provides central https://technet.microsoft.com/en-us/library/security/ms08-nov.aspx This guidance will also help IT professionals understand how they can use various tools to help deploy the security update, such as Windows Update, Microsoft Update, Office Update, the Microsoft Baseline Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software MS09-063 Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) This security update resolves Customers in the U.S.

Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. **Windows Server 2008 server core installation not affected. http://itivityglobal.com/microsoft-security/microsoft-security-bulletin-ms04-013.html Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on For more information about MBSA, visit Microsoft Baseline Security Analyzer. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

The vulnerabilities could allow remote code execution on affected systems. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or this content See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]> TechNet Products Products Windows Windows Server System Center Browser

Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options. This can trigger incompatibilities and increase the time it takes to deploy security updates.

Notes for MS09-062 See also other software categories under this section, Affected Software and Download Locations, for more update files under the same bulletin identifier.

Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity. There is no charge for support calls that are associated with security updates.

You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit 5.0. Other Information Microsoft Windows Malicious Software Removal Tool Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, V1.1 (October 14, 2009): Corrected the download link for Windows XP x64 Edition Service Pack 2 for MS09-055. http://itivityglobal.com/microsoft-security/microsoft-security-bulletin-ms08-041.html For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Bulletin Information Executive Summaries The security bulletins for this month are as follows, in order of severity: Critical (1) Bulletin IdentifierMicrosoft Security Bulletin MS08-069 Bulletin Title Vulnerabilities in Microsoft XML Core