
Microsoft Security Bulletin Summary For January 2009

SMS 2.0 users can also use the Software Updates Services Feature Pack to help deploy security updates. Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows

Microsoft Active Protections Program (MAPP)
===========================================
To improve security protections for customers, Microsoft

Detection and Deployment Guidance
Microsoft has provided detection and deployment guidance for this month’s security updates.

By searching using the security bulletin number (such as, “MS07-036”), you can add all of the applicable updates to your basket (including different languages for an update), and download to the

IT Pro Security Community
Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community.

Notes for MS09-062
[2] Severity ratings do not apply to this update because Microsoft has not identified any attack vectors relating to the vulnerabilities discussed in this bulletin specific to these software.

Finally, security updates can be downloaded from the Microsoft Update Catalog. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For information about non-security releases on Windows Update and Microsoft Update, please see:
* Microsoft Knowledge Base Article 894199: Description of Software Update Services

See the other tables in this section for additional affected software.

Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
* TippingPoint and the Zero Day Initiative, for reporting an issue described in MS09-002
* Sam Thomas (http://eshu.co.uk/), working with

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The vulnerabilities are listed in order of bulletin ID and CVE ID.

Revisions
V1.0 (January 12, 2016): Bulletin Summary published.

No updated version of the Microsoft Windows Malicious Software Removal Tool is available for out-of-band security bulletin releases.

For more information, see the following:
* Microsoft Knowledge Base Article 2920727
* Microsoft Knowledge Base Article 2881029
* Microsoft Knowledge Base Article 2881067
* Microsoft Knowledge Base Article 3039794
* Microsoft Knowledge Base Article 3124585

Page generated 2016-02-22 10:14-08:00.

For details on affected software, see the next section, Affected Software. https://technet.microsoft.com/en-us/library/security/ms09-oct.aspx

MS09-056 | Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) | CVE-2009-2511 | 3 - Functioning exploit code unlikely | This is a spoofing vulnerability.

Includes all Windows content.

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion

Note You may have to install several security updates for a single vulnerability.

For more information see the TechNet Update Management Center. For more information on this installation option, see Server Core. V8.0 (March 9, 2010): Revised to add Microsoft Virtual Server 2005 to affected software for MS09-033.

The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs.

Microsoft Office Suites and Software

Microsoft Office Suites, Systems, and Components
Bulletin Identifier | MS09-060 | MS09-062
Aggregate Severity Rating | Critical | Important
Microsoft Office XP | Microsoft Outlook 2002 Service Pack 3 (KB973702) (Critical) | Microsoft

For more information, see the Microsoft Security Vulnerability Research & Defense blog, Prioritizing the deployment of the SMB bulletin.

Important | Denial of Service | Requires restart | Microsoft Windows

Exploitability Index
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month.

For more information about how administrators can use SMS 2003 to deploy security updates, see SMS 2003 Security Patch Management. For more information see the TechNet Update Management Center.

Bulletin ID | Bulletin Title | CVE ID | Exploitability Index Assessment | Key Notes
MS09-001 | Vulnerabilities in SMB Could Allow Remote Code Execution (958687) | CVE-2008-4114 | 3 - Functioning exploit code unlikely | This vulnerability cannot be leveraged for remote code

Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates.

Executive Summaries
The following table summarizes the security bulletins for this month in order of severity.

The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

Note SMS uses the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin update detection and deployment.

The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.

Includes all Windows content.

Note You may have to install several security updates for a single vulnerability.

This bulletin spans both Windows Operating System and Components and Microsoft Server Software. V1.2 (January 19, 2016): Added a Known Issues reference to the Executive Summaries table for MS16-004. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Some security updates require administrative rights following a restart of the system. See Microsoft Security Bulletin MS09-034.

MS09-061 | Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) | CVE-2009-0090 | 1 - Consistent exploit code likely | (None)
MS09-061 | Vulnerabilities in the Microsoft .NET Common Language Runtime

V4.2 (June 22, 2010): Removed .NET Framework 1.1 Service Pack 1 as an affected component on Windows 7 and Windows Server 2008 R2 for MS09-061. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows.

Note You may have to install several security updates for a single vulnerability. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option.