MS Security Bulletin Summary - October 2009



#1 AplusWebMaster


Posted 15 October 2009 - 10:28 AM

FYI...

- http://www.microsoft...n/MS09-oct.mspx
October 13, 2009 - "This bulletin summary lists security bulletins released for October 2009...
(Total of -13-)

Critical -8-

Microsoft Security Bulletin MS09-050
Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
- http://www.microsoft...n/ms09-050.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-051
Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
- http://www.microsoft...n/ms09-051.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-052
Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
- http://www.microsoft...n/ms09-052.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-054
Cumulative Security Update for Internet Explorer (974455)
- http://www.microsoft...n/ms09-054.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-055
Cumulative Security Update of ActiveX Kill Bits (973525)
- http://www.microsoft...n/ms09-055.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-060
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
- http://www.microsoft...n/ms09-060.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Microsoft Security Bulletin MS09-061
Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
- http://www.microsoft...n/ms09-061.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

Microsoft Security Bulletin MS09-062
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
- http://www.microsoft...n/ms09-062.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft SQL Server, Microsoft Developer Tools, Microsoft Forefront

Important -5-

Microsoft Security Bulletin MS09-053
Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
- http://www.microsoft...n/ms09-053.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-056
Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
- http://www.microsoft...n/ms09-056.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-057
Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
- http://www.microsoft...n/ms09-057.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-058
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
- http://www.microsoft...n/ms09-058.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-059
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
- http://www.microsoft...n/ms09-059.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows
___

ISC Analysis
- http://isc.sans.org/...ml?storyid=7345
Last Updated: 2009-10-13 21:08:21 UTC
___

Severity summary and exploitability index
- http://blogs.technet...7/original.aspx
October 13, 2009

Deployment priority
- http://blogs.technet...8/original.aspx
October 13, 2009
___

MSRT
- http://support.micro...om/?kbid=890830
October 13, 2009 - Revision: 65.0
(Recent additions)
Win32/FakeRean August 2009 (V 2.13) Moderate
Win32/Bredolab September 2009 (V 2.14) Moderate
Win32/Daurso September 2009 (V 2.14) Moderate
Win32/FakeScanti October 2009 (V 3.0) Moderate
- http://www.microsoft...e/families.aspx
___

Do NOT Apply MS09-056/KB974571 to LCS/OCS Servers
- http://blogs.technet...cs-servers.aspx
October 13, 2009 11:04 PM - "Currently an issue is being observed after applying KB974571 (MS09-056: Vulnerabilities in CryptoAPI could allow spoofing) to LCS/OCS servers, that is causing them to believe that they are running an evaluation version of LCS/OCS and that it has expired..."
- http://support.micro....com/kb/974571/

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#2 AplusWebMaster


Posted 03 November 2009 - 06:41 AM

FYI...

Update released for MS09-054
- http://blogs.technet...r-ms09-054.aspx
November 02, 2009 - "Today we released an update 976749 that addresses two issues with MS09-054 that a limited number of customers reported to us through our Customer Service and Support (CSS) group. These two issues can affect the proper display of web pages. For additional details, please refer to Microsoft Knowledge Base article 976749*. Security update MS09-054 was released as part of the October Security Bulletin Release cycle and protects against the vulnerabilities outlined in the bulletin. Also, we’re not currently aware of any attempts to attack the vulnerabilities. While the number of customers affected by these two issues is limited, after working both with affected customers and our CSS group, we feel the best thing for all customers is to proactively provide this update as widely as possible to help prevent other customers from encountering the issues outlined in the KB. Because of this, we plan to release this update through the same broad release channels as the original security update, MS09-054. Customers will see 976749 offered by default through Windows Update, Microsoft Update, and Automatic Updates. Customers who have applied MS09-054 should go ahead and apply 976749. Customers who have not yet applied MS09-054 should apply -both- MS09-054 and 976749..."
* http://support.microsoft.com/kb/976749
November 3, 2009 - Revision: 5.0 - "...Important: Do not install this update if you have not installed security update 974455. If you install this update without first installing security update 974455, Internet Explorer may not work correctly. If this occurs, uninstall this update, install security update 974455, and then reinstall this update..."

- http://www.microsoft...n/ms09-054.mspx
• V2.0 (November 2, 2009): Revised to announce the availability of a hotfix to address application compatibility issues. Customers who have already applied this update may install the hotfix from Microsoft Knowledge Base Article 976749. Also corrected the log file names, spuninst folder names, and registry key values for Microsoft Windows 2000.

- http://secunia.com/advisories/36979/2/
Critical: Highly critical
2009-11-03: Updated "Solution" section as Microsoft issues an update to address certain problems introduced by the original patches. Added link in "Original Advisory" section.


Edited by apluswebmaster, 03 November 2009 - 08:36 PM.
