Microsoft Patch Update Details - September 2009

Security patches

MS09-045/KB971961 - Critical (2000, XP, Vista, 2003, 2008): This patch fixes a flaw in the JavaScript engine of Internet Explorer that allows a remote code execution attack to be performed. Note that Windows 7 and Windows 2008 R2 are not affected by this issue. You should install this patch immediately. There are a few known installation issues, so check KB971961 for details. (The update is approximately 330 KB - 1.2 MB.)

MS09-046/KB956844 - Critical (XP, 2000)/Moderate (2003): Attackers can take advantage of the DHTML Editing Component ActiveX control to perform a remote code execution attack on Windows 2000, Windows XP, and Windows Server 2003 machines. The attacker gains the rights of the locally logged-on user. You should install this patch in your next patch cycle; it shouldn’t be a problem if you disable ActiveX. (The update is approximately 550 KB - 1.2 MB.)

MS09-047/KB973812 - Critical (2000, XP, Vista, 2003, 2008): This patch corrects two problems in which the Windows Media Format can be used to perform remote code execution attacks. This affects Windows Media Player users, as well as servers with Windows Media Services. Itanium 2003 and 2008 systems and Windows 7 and Windows 2008 R2 systems are not affected. (The update is approximately 1.2 MB - 4.8 MB.)

MS09-048/KB967723 - Critical (Vista, 2008)/Important (2003): There are a number of issues with the TCP/IP handling in Windows Vista, Windows Server 2003, and Windows Server 2008. On Windows Server 2003, these issues manifest as denial of service attacks; in Windows Vista and Windows Server 2008, the issues are full remote code execution vulnerabilities. Windows XP, Windows 7, and Windows Server 2008 R2 are not affected by this problem. You should install this patch immediately for any system directly connected to the Internet, and during the next patch cycle for systems that do not receive packets directly from the Internet. See KB967723 for known installation issues. (The update is approximately 800 KB - 6.2 MB.)

MS09-049/KB970710 - Critical (Vista)/Important (2008): A problem with the wireless NIC systems on the Windows Vista and Windows Server 2008 OSs allows remote code execution attacks. Windows XP, Windows Server 2003, Windows Server 2008 R2, and Windows 7 are not affected. This is not a problem for systems without Wi-Fi or with Wi-Fi turned off. If you have a Windows Vista or Windows Server 2008 machine with Wi-Fi, you should install this patch immediately. (The update is approximately 900 KB - 1.5 MB.)

Other updates

“The Usual Suspects”: Updates to the Malicious Software Removal Tool (update is approximately 8.7 - 9.3 MB) and Junk Email filters (update is approximately 2.2 MB).

Changed, but not significantly: None.

Updates since the last Patch Tuesday

We did not have any security patches released out of band since the last Patch Tuesday, but there were a large number of out-of-band, non-security patches in late August.


Daylight Savings Update for Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. (The update is approximately 250 KB - 1.3 MB.)

Vista/2008 Application Compatibility Update (The update is approximately 2.6 MB - 5.5 MB.)

Dynamic Installer Update for Vista and 2008 (The update is approximately 30 KB - 900 KB.)

WSUS 3.0 SP2 - Provides support for Windows 7, Windows Server 2008 R2, and BranchCache. (The update is approximately 85 MB.)

WSUS 3.0 SP2 Dynamic Installer - Allows WSUS to be installed as a server role. (The update is approximately 85 MB.)

Windows 7 Language Pack (The update is approximately 30 MB - 150 MB per language.)

IE 8 Compatibility View List for Windows 7 and 2008R2 (The update is approximately 40 KB - 700 KB.)

Fix for “stop errors” while installing Vista/2008 SP2 (The update is approximately 40 KB.)

Changed, but not significantly:
