Thursday, April 16, 2009

Latest and critical Windows Patch: April 2009

Security patches
MS09-010/KB923561 - Important (XP, 2000, 2003): There are four bugs (two previously disclosed publicly, two previously undisclosed) in the handling of a variety of word processing document formats that can allow remote code execution. The affected formats are Office, RTF, Write, and WordPerfect files, and the exploit is triggered when such a file is opened in either WordPad or Word. For Word 2000 users this is a “Critical” bug; for Word 2002, Office Converter Pack, and WordPad it is “Important.” Until you install this patch, do not open these types of documents from “untrusted” sources. There is a known issue with this patch around opening Word 6.0 and Write documents; read this KB article for more details. Frankly, I think that this patch is a “must install” despite the “Important” label; too many people open documents from all over the place. It affects 32-bit, 64-bit, and Itanium versions of Windows.
MS09-011/KB961373 - Critical (XP, 2000, 2003): This patch closes a hole that allowed remote code execution through malformed MJPEG files; the bug is in DirectX 8.1 and 9.0x. Users running with restricted (non-administrator) accounts may be less impacted should they encounter one of these files, since any code that runs does so with their limited rights. You should install this patch immediately. It affects 32-bit, 64-bit, and Itanium versions of Windows.
MS09-012/KB952004/KB956572 - Important (XP, Vista, 2000, 2003, 2008): This patch resolves four holes in Windows that have already been publicly disclosed. The holes allow an attacker who is already logged onto the system to escalate their privileges and take full control of the system. Seeing as the attacker already needs to be logged on and able to run code, this is not a “drop everything you are doing and install this patch!” item, but you should definitely include it in your next update push to the desktops. It affects 32-bit, 64-bit, and Itanium versions of Windows as well as Windows 2008 Server Core. If you are running XP, Vista, 2003, or 2008, check this KB for known issues around some settings that may not be preserved after deploying the patch.
MS09-013/KB960803 - Critical (XP, Vista, 2000, 2003, 2008): This patch addresses three bugs in the Windows HTTP Services component (WinHTTP); one of them allows remote code execution, which lets an attacker take complete control of a system. This is a “must patch” item for all Windows systems. Note, this is not an “IIS” bug! It affects 32-bit, 64-bit, and Itanium versions of Windows as well as Windows 2008 Server Core. You may see some problems with NTLM authentication if you use IPv6 addresses after installing the patch.
MS09-014/KB963027 - Critical (XP, Vista, 2000)/Important (2000, 2003): This is a cumulative security update for Internet Explorer 5, 6, and 7. Some of the fixes address already public bugs, some deal with privately disclosed exploits. You should install this patch immediately. Users with IE8 do not need this patch. It affects 32-bit, 64-bit, and Itanium versions of Windows. You may see some problems with NTLM authentication if you use IPv6 addresses after installing the patch.
MS09-015/KB959426 - Moderate (XP, Vista, 2003, 2008)/Low (2000): This patch takes care of a problem with the Windows SearchPath function that could enable an escalation of privileges. The exploit has a rather convoluted attack vector with a lot of “if the user does this” type conditions involved, which is why the security rating is so low. Include this in your next scheduled push of patches; there is little reason to scramble on this one. It affects 32-bit, 64-bit, and Itanium versions of Windows as well as Windows 2008 Server Core. Check the KB article if you have issues with an XSI 5.0 application not loading after the patch is installed.
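As an added example (not part of the original post, and not Microsoft's own tooling), here is a PowerShell script that checks whether the security-bulletin KBs listed above are present on a machine, so an administrator can verify that the update push actually landed rather than trusting the deployment console. It reads the Win32_QuickFixEngineering WMI class (which works on PowerShell 1.0 on XP/2003 as well as later versions), reads the installed Internet Explorer version from the registry so that MS09-014 can be marked not applicable on IE8 as the post notes, and reports the two MS09-012 KBs separately because the post does not say which OS each one covers. The KB-to-bulletin table comes from the post; the script name, its parameter, and the output format are my own assumptions.

```powershell
# Check-April2009Patches.ps1 (added example; the script name is assumed, not from the post)
# Reports which of the April 2009 security-bulletin KBs are present on a machine.
param(
    [string]$ComputerName = '.'   # '.' = local machine; pass a hostname to query another box via WMI
)

# KB -> bulletin table, taken from the post above. The two MS09-012 KBs are
# listed separately because the post does not say which OS each one targets.
$bulletins = @{
    'KB923561' = 'MS09-010  WordPad/Word converter RCE'
    'KB961373' = 'MS09-011  DirectX MJPEG RCE'
    'KB952004' = 'MS09-012  Windows privilege escalation'
    'KB956572' = 'MS09-012  Windows privilege escalation'
    'KB960803' = 'MS09-013  Windows HTTP Services RCE'
    'KB963027' = 'MS09-014  IE cumulative update'
    'KB959426' = 'MS09-015  SearchPath privilege escalation'
}

# Installed hotfixes via WMI. HotFixID is normally "KBnnnnnn"; normalise case and
# whitespace, and drop the blank entries that XP sometimes reports.
$installed = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $ComputerName |
    ForEach-Object { ([string]$_.HotFixID).Trim().ToUpper() } |
    Where-Object { $_ -ne '' }

# MS09-014 is not needed on IE8 (per the post), so read the IE version from the
# registry. Only done for the local machine; remote checks skip this and simply
# report KB963027 as missing if it is not installed.
$ieVersion = ''
if ($ComputerName -eq '.') {
    $ieKey = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    if ($ieKey) { $ieVersion = [string]$ieKey.Version }
}
$ie8 = $ieVersion.StartsWith('8.')

$missing = @()
foreach ($kb in ($bulletins.Keys | Sort-Object)) {
    $state = 'MISSING'
    if ($installed -contains $kb) {
        $state = 'installed'
    } elseif ($kb -eq 'KB963027' -and $ie8) {
        $state = 'n/a (IE8)'
    } else {
        $missing += $kb
    }
    '{0,-9} {1,-10} {2}' -f $kb, $state, $bulletins[$kb]
}

# Non-zero exit code so the script can be used from a scheduled task or login script
# and the result collected centrally.
if ($missing.Count -gt 0) {
    Write-Warning ('Missing security updates: ' + ($missing -join ', '))
    exit 1
}
'All April 2009 security bulletins listed above are accounted for.'
exit 0
```

Run it as an administrator (WMI access to another machine also needs the remote registry and WMI services reachable). Note that Win32_QuickFixEngineering only lists updates installed through Windows Update, WSUS or the standalone installers; an update slipstreamed into an image or applied by some third-party tools may not appear there, so treat a MISSING line as a prompt to investigate rather than proof the hole is open.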
Other updates
KB969058 - Important (IE8 on Vista x64): When you disable IE8 on 64-bit Vista, the “Internet Explorer (No Add-ons)” shortcut does not get removed; this patch fixes that.
KB944036 - High Priority (IE8 on XP, Vista, 2003, 2008): This is a big one: Internet Explorer 8 is now a patch/release item. Be aware! Thankfully, the priority/classification should not make it automatically install.
“The Usual Suspects”: Updates to the Malicious Software Removal Tool and Junk Email filters.
Changed, but not significantly: None on this Patch Tuesday.
Updates since the last Patch Tuesday
There have been a number of minor items since the last Patch Tuesday:
KB905474: Updates to Windows Genuine Advantage Notification.
KB926139/KB926140/KB926141/KB928439: Updates to PowerShell for Windows XP, Vista, and 2003.
KB955706: Upgrades the Windows Internal Database that SharePoint, WSUS, AD Rights Management Services, Windows System Resource Manager, and UDDI Services rely upon.
KB956587: Windows Home Server Power Pack 2. Adds:
Streaming of MP4 files.
Music, Photos, Videos, and Recorded TV shared folders on the Home Server, exposed to Windows Media Center.
The ability for Media Center Extenders to connect without using the “Guest” account.
Web-based diagnostics to test outside connectivity.
Protection against accidental overwrites of connector files.
A check on file transfers from Vista to make sure that they are not larger than the available disk space on the Home Server.
KB967902: Fixes an issue with expired certificates while connecting to VMs on Windows 2008 x64.
Changed, but not significantly: MS07-055/KB923810, Microsoft Base Smart Card Cryptographic Service Provider Package, Windows Server 2008 Server Manager, WSUS 3 SP 1 update, IE8 Compatibility View List.
