Home > Microsoft Security > Microsoft Security Bulletin Summary For February 2009

Microsoft Security Bulletin Summary For February 2009

Finally, security updates can be downloaded from the Microsoft Update Catalog. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows. You’ll be auto redirected in 1 second. Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? http://justjoomla.net/microsoft-security/microsoft-security-bulletin-jan-2009.html

By using SMS, administrators can identify Windows-based systems that require security updates and to perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. For more information see the TechNet Update Management Center. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. Acknowledgments Microsoft thanks the following for working with us to help protect customers: Matthieu Suiche of the Netherlands Forensics Institute for reporting an issue described in MS09-050 Ivan Fratric of Zero

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. Notes for Windows Server 2008 and Windows Server 2008 R2 *Server Core installation affected. You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit 5.0.

For more information, see the Microsoft Security Vulnerability Research & Defense blog, Prioritizing the deployment of the SMB bulletin. Note SMS uses the Microsoft Baseline Security Analyzer to provide broad support for security bulletin update detection and deployment. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Please see the section, Other Information.

References Microsoft Security Bulletin Summary for February 2009 http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx US-CERT Technical Cyber Security Alert TA09-041A Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA09-041A.html If you have any information you could provide regarding this This bulletin spans more than one software category. Windows Operating System and Components Microsoft Windows 2000 Bulletin Identifier MS09-001 Aggregate Severity Rating Critical Microsoft Windows 2000 Service Pack 4 Microsoft Windows 2000 Service Pack 4 (Critical) Windows XP Bulletin However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates.

Microsoft Update https://update.microsoft.com/ Windows Update https://windowsupdate.microsoft.com/ III. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Critical Security Bulletins =========================== Microsoft Security Bulletin MS09-002 - Affected Software: - Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3 - Internet Explorer 7 The content you requested has been removed.

For more information, see Microsoft Security Bulletin Summaries and Webcasts. For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Includes all Windows content. * http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows Microsoft Active Protections Program (MAPP) =========================================== To improve security protections for customers, Microsoft http://justjoomla.net/microsoft-security/microsoft-security-bulletin-ms02-030.html International customers can receive support from their local Microsoft subsidiaries. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. You’ll be auto redirected in 1 second.

There is no charge for support calls that are associated with security updates. This vulnerability may only be exploited if the attacker is on-link. Critical Remote Code ExecutionRequires restartMicrosoft Windows MS10-003 Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214 ) This security update resolves a privately reported vulnerability in Microsoft Office that Check This Out Critical Remote Code ExecutionMay require restartMicrosoft Windows MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) This security update resolves several

Important Elevation of PrivilegeRequires restartMicrosoft Windows MS10-005 Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706 ) This security update resolves a privately reported vulnerability in Microsoft Paint. Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion

In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation

International customers can receive support from their local Microsoft subsidiaries. Report abuse 24-03-2009, 8:50 PM 32892 in reply to 32694 technical chap Joined on 24-03-2009 Posts 1,460 Re: Microsoft Security Bulletin Summary for February 2009 Reply Quote THink MS is planning The full version of the Microsoft Security Bulletin Summary for February 2009 can be found at http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs)

After this date, this webcast is available on-demand. MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) CVE-2009-2510 3 - Functioning exploit code unlikelyThis is a spoofing vulnerability. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. **Windows Server 2008 server core installation not affected. this contact form The denial of service could persist until the domain controller is restarted.

Security updates are also available at the Microsoft Download Center. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Revisions V1.0 (October 13, 2009): Bulletin Summary published. Back to top Back to Software Update Announcements 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear SpywareInfo Forum → General Computing

Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Please see the section, Other Information. With the release of the bulletins for February 2010, this bulletin summary replaces the bulletin advance notification originally issued February 4, 2010.

Moderate Remote Code ExecutionMay require restartMicrosoft Windows Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. For more information, see Microsoft Knowledge Base Article 961747. Register now for the February Security Bulletin Webcast.

Note for MS09-061 See also other software categories under this section, Affected Software and Download Locations, for more update files under the same bulletin identifier. For more information, see Microsoft Knowledge Base Article 910723. You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. Register now for the October security bulletin webcast.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. Disclaimer The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. For more information about available support options, see Microsoft Help and Support.

Non-Security, High-Priority Updates on MU, WU, and WSUS: ======================================================== Please see: * http://support.microsoft.com/kb/894199: Microsoft Knowledge Base Article 894199, Description of Software Update Services and Windows Server Update Services changes in content.