
Microsoft Security Bulletin Summary For June 2009

Bulletin Summary: Microsoft Security Bulletin Summary for March 2009 Critical Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) This security update resolves several privately reported vulnerabilities in the Windows For more information on this installation option, see Server Core. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Note SMS uses the Microsoft Baseline Security Analyzer to provide broad support for security bulletin update detection and deployment. http://img4skype.com/microsoft-security/microsoft-security-bulletin-summary-for-june-2007.html

Includes all Windows content. Critical Remote Code Execution Requires restart Microsoft Windows MS09-066 Vulnerability in Active Directory Could Allow Denial of Service (973309) This security update resolves a privately reported vulnerability in Active Directory directory service, Active Microsoft Security Software Microsoft Forefront Security Bulletin Identifier MS09-062 Aggregate Severity Rating Important Microsoft Forefront Client Security 1.0 Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack However, due to additional checks on the heap, a functioning remote code execution exploit is very unlikely.

V4.2 (June 22, 2010): Removed .NET Framework 1.1 Service Pack 1 as an affected component on Windows 7 and Windows Server 2008 R2 for MS09-061. For more information, see Microsoft Knowledge Base Article 913086. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely.

These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Includes all Windows content. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. These updates must be downloaded from the microsoft.com download center or Windows Update. https://technet.microsoft.com/en-us/library/security/ms09-apr.aspx MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) CVE-2009-2517 3 - Functioning exploit code unlikely This is a denial of service vulnerability.

See the individual bulletins for details. Finally, security updates can be downloaded from the Microsoft Update Catalog. Windows Updates Microsoft Security Bulletin Summary for September 2009 Published: September 8 2009 Note:... Important Remote Code Execution May require restart Microsoft Office Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month.

To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. http://www.cgisecurity.com/2009/06/microsoft-security-bulletin-summary-for-june-2009.html For more information, see Microsoft Security Bulletin Summaries and Webcasts. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks Any exploits other than a denial of service are expected to be unreliable.

To continue getting the latest updates for Microsoft Office products, use Microsoft Update. NICK ADSL UK, Jun 9, 2009 #1 Malicious Software Removal Tool Published: January 11, 2005 | Updated: June 9, Microsoft Server Software Microsoft SQL Server Bulletin Identifier MS09-062 Aggregate Severity Rating Critical SQL Server 2000 Reporting Services Service Pack 2 GDR update Not applicable QFE update: SQL Server 2000 Reporting Services Service Pack 2 (KB970899) (Critical)

You should review each software program or component listed to see whether any security updates pertain to your installation. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. International customers can receive support from their local Microsoft subsidiaries. Critical Remote Code Execution May require restart Microsoft Office MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) This security update resolves a privately reported vulnerability in the Microsoft Works

The next release of SMS, System Center Configuration Manager 2007, is now available; see also System Center Configuration Manager 2007. Product(s): Security.


How do I use these tables? For more information about how administrators can use SMS 2003 to deploy security updates, see SMS 2003 Security Patch Management. Security updates are also available at the Microsoft Download Center.

Eiram of Secunia for reporting two issues described in MS09-021 TELUS Security Labs Vulnerability Research Team for reporting an issue described in MS09-021 Sean Larsson and Joshua Drake of VeriSign iDefense

For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. How do I use this table? Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter.

Critical Remote Code Execution Requires restart Microsoft Windows MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) This security update resolves two privately reported vulnerabilities in Windows Media Runtime. This can trigger incompatibilities and increase the time it takes to deploy security updates. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability. Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates.

Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) CVE-2009-2507 2 - Inconsistent exploit code likely (None) MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) CVE-2009-2515 2 Microsoft Office Suites and Software Microsoft Office Suites, Systems, and Components Bulletin Identifier MS09-060 MS09-062 Aggregate Severity Rating Critical Important Microsoft Office XP Microsoft Outlook 2002 Service Pack 3 (KB973702) (Critical) Microsoft Some security updates require administrative rights following a restart of the system.

For more information, see New Version Availability. - Originally posted: - Updated: July 1, 2009 - Bulletin Severity Rating: - Version: 3.0 NICK ADSL UK, Jul 2, 2009 #6 (You For details on affected software, see the next section, Affected Software and Download Locations. Critical Remote Code Execution Requires restart Microsoft Windows MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) This security update resolves three privately reported vulnerabilities in Windows Print Spooler. Use the provided Fix It Solution or work-around to help protect your systems. Security Bulletin summary is at: For IT Pro: http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx For Home users: http://www.microsoft.com/protect/computer/updates/bulletins/200906.mspx The Microsoft Security Response Center (MSRC) blog: http://blogs.technet.com/msrc Microsoft Security

By using SMS, administrators can identify Windows-based systems that require security updates and perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. Note As of August 1, 2009, Microsoft discontinued support for Office Update and the Office Update Inventory Tool.