DP's Security Bits : Advisories / Bulletins

Microsoft Security Bulletin Minor Revision - December 21, 2009

Don — Tue, 22 Dec 2009 20:33:00 GMT

Issued: December 21, 2009

Summary

The following bulletin has undergone a minor revision increment.

* MS09-058 - Important

Bulletin Information:

* MS09-058 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx
- Reason for Revision: V1.1 (December 21, 2009): Added a link to
Microsoft Knowledge Base Article 971486 under Known Issues in
the Executive Summary.
- Originally posted: October 13, 2009
- Updated: December 21, 2009
- Bulletin Severity Rating: Important
- Version: 1.1

Microsoft Security Bulletin Minor Revision - December 16, 2009

Don — Thu, 17 Dec 2009 09:44:00 GMT

Issued: December 16, 2009

Summary

The following bulletin has undergone a minor revision increment.

* MS09-037 - Critical

Bulletin Information:

* MS09-037 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
- Reason for Revision: V2.1 (December 16, 2009): Added a link to
Microsoft Knowledge Base Article 973908 under Known Issues in
the Executive Summary.
- Originally posted: August 11, 2009
- Updated: December 16, 2009
- Bulletin Severity Rating: Critical
- Version: 2.1

Microsoft Security Bulletin Minor Revisions - December 9, 2009

Don — Thu, 10 Dec 2009 09:15:00 GMT

Issued: December 9, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-073 - Important
* MS09-072 - Critical
* MS09-071 - Critical
* MS09-070 - Important
* MS09-058 - Important
* MS08-037 - Important

Bulletin Information:

* MS09-073 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx
- Reason for Revision: V1.1 (December 9, 2009): Removed a redundant
entry for the Microsoft Office Compatibility Pack from the
non-affected software table. Also corrected several
deployment reference tables to clarify that in some cases,
this update does not require a restart. This is an
informational change only.
- Originally posted: December 8, 2009
- Updated: December 9, 2009
- Bulletin Severity Rating: Important
- Version: 1.1

* MS09-072 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx
- Reason for Revision: V1.1 (December 9, 2009): Corrected a
reference to Microsoft Knowledge Base Article 976749 in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update. Also corrected, in the Security Update
Deployment section, the registry key for verification of the
update for Internet Explorer 7 for all supported x64-based
editions of Windows XP.
- Originally posted: December 8, 2009
- Updated: December 9, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-071 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx
- Reason for Revision: V1.1 (December 9, 2009): Added an entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to explain this revision. This is an
informational change only.
- Originally posted: December 8, 2009
- Updated: December 9, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-070 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-070.mspx
- Reason for Revision: V1.1 (December 9, 2009): Corrected the SMS
2.0 and SMS 2003 with SUIT entries for Windows Server 2003
x64 Edition Service Pack 2 in the SMS table. This is an
information change only.
- Originally posted: December 8, 2009
- Updated: December 9, 2009
- Bulletin Severity Rating: Important
- Version: 1.1

* MS09-058 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx
- Reason for Revision: V1.1 (December 9, 2009): Added a link to
Microsoft Knowledge Base Article 971486 under Known Issues in
the Executive Summary.
- Originally posted: October 13, 2009
- Updated: December 9, 2009
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-037 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V3.1 (December 9, 2009): Corrected the
registry key verification and removal information in the
reference table for the DNS client on Microsoft Windows 2000
Service Pack 4 (KB951748). This is an informational change only.
- Originally posted: July 8, 2008
- Updated: December 9, 2009
- Bulletin Severity Rating: Important
- Version: 3.1

Microsoft Security Bulletin Major Revisions - December 8, 2009

Don — Wed, 09 Dec 2009 09:04:00 GMT

Issued: December 8, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-037 - Important

Bulletin Information:

* MS08-037 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V3.0 (December 8, 2009): Updated to
communicate the rerelease of the security update for the DNS
client on Microsoft Windows 2000 Service Pack 4 (KB951748).
Also corrected the bulletin replacement information for this
update. Customers who have previously installed this update
need to reinstall the automatically reoffered update. No
other updates are affected by this rerelease.
- Originally posted: July 8, 2008
- Updated: December 8, 2009
- Bulletin Severity Rating: Important
- Version: 3.0

Microsoft Security Advisory Notification - December 8, 2009

Don — Tue, 08 Dec 2009 22:02:00 GMT

Issued: December 8, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (977981)
- Title: Vulnerability in Internet Explorer Could
Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/977981.mspx
- Revision Note: V2.0 (December 8, 2009): Advisory updated to
reflect publication of security bulletin.

* Microsoft Security Advisory (974926)
- Title: Credential Relaying Attacks on Integrated
Windows Authentication
- http://www.microsoft.com/technet/security/advisory/974926.mspx
- Revision Note: V1.0 (December 8, 2009): Advisory published.

* Microsoft Security Advisory (973811)
- Title: Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
- Revision Note: V1.2 (December 8, 2009): Updated the FAQ
with information about three non-security updates relating to
Windows HTTP Services, HTTP Protocol Stack, and Internet
Information Services.

* Microsoft Security Advisory (954157)
- Title: Security Enhancements for the Indeo Codec
- http://www.microsoft.com/technet/security/advisory/954157.mspx
- Revision Note: V1.0 (December 8, 2009): Advisory published.

Microsoft Security Bulletin(s) for December 8, 2009

Don — Tue, 08 Dec 2009 17:58:00 GMT

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···dec.mspx

Critical (3)

Microsoft Security Bulletin MS09-071
Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
»www.microsoft.com/technet/securi···071.mspx

Microsoft Security Bulletin MS09-074
Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
»www.microsoft.com/technet/securi···074.mspx

Microsoft Security Bulletin MS09-072
Cumulative Security Update for Internet Explorer (976325)
»www.microsoft.com/technet/securi···072.mspx

Important (3)

Microsoft Security Bulletin MS09-069
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
»www.microsoft.com/technet/securi···069.mspx

Microsoft Security Bulletin MS09-070
Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
»www.microsoft.com/technet/securi···070.mspx

Microsoft Security Bulletin MS09-073
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
»www.microsoft.com/technet/securi···073.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Security Advisory for Adobe Flash Player

Don — Fri, 04 Dec 2009 12:10:00 GMT

Release date: December 3, 2009

Vulnerability identifier: APSB09-19

Platform: All Platforms

Summary

Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues. Adobe expects to make these updates available on December 8, 2009.

Security Bulletin

Microsoft Security Bulletin Advance Notification for December 2009

Don — Thu, 03 Dec 2009 19:15:00 GMT

Microsoft Security Bulletin Advance Notification issued: December 3, 2009

This is an advance notification of security bulletins that Microsoft is intending to release on December 8, 2009

3 Rated Critial and 3 Rated Important

http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx

Microsoft Security Bulletin Minor Revisions - December 2, 2009

Don — Thu, 03 Dec 2009 09:24:00 GMT

Issued: December 2, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-046 - Critical

Bulletin Information:

* MS09-046 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-046.mspx
- Reason for Revision: V1.2 (December 2, 2009): Added a link to
Microsoft Knowledge Base Article 956844 under Known Issues in
the Executive Summary.
- Originally posted: September 8, 2009
- Updated: December 2, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

Microsoft Security Bulletin Major Revisions - November 24, 2009

Don — Wed, 25 Nov 2009 09:40:00 GMT

Issued: November 24, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-076 - Important

Bulletin Information:

* MS08-076 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
- Reason for Revision: V5.0 (November 24, 2009): Added entries to
the Frequently Asked Questions (FAQ) Related to This Security
Update section announcing the re-release of this update for
the Windows XP Embedded operating system. Customers using the
Windows XP Embedded operating system should install this
automatically offered security update at the earliest
opportunity. Customers of all other operating systems who
have already installed this update do not need to take
further action.
- Originally posted: December 9, 2008
- Updated: November 24, 2009
- Bulletin Severity Rating: Important
- Version: 5.0

Microsoft Security Advisory Notification - November 23, 2009

Don — Tue, 24 Nov 2009 09:31:00 GMT

Issued: November 23, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (977981)
- Title: Vulnerability in Internet Explorer Could
Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/977981.mspx
- Revision Note: Advisory published.

Microsoft Security Advisory Notification - November 13, 2009

Don — Sat, 14 Nov 2009 09:16:00 GMT

Issued: November 13, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (977544)
- Title: Vulnerabilities in SMB Could Allow Denial of Service
- http://www.microsoft.com/technet/security/advisory/977544.mspx
- Revision Note: V1.0 (November 13, 2009): Advisory published.

Microsoft Security Bulletin Minor Revisions - November 12, 2009

Don — Fri, 13 Nov 2009 09:58:00 GMT

Issued: November 12, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-065 - Critical

Bulletin Information:

* MS09-065 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-065.mspx
- Reason for Revision: V1.1 (November 12, 2009): Added a link to
Microsoft Knowledge Base Article 969947 under Known Issues in
the Executive Summary.
- Originally posted: November 10, 2009
- Updated: November 12, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

Apple Releases Mac OS X v10.6.2 and Security Update 2009-006

Don — Wed, 11 Nov 2009 13:08:00 GMT

Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct a man-in-the-middle attack, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3937 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#apple_releases_mac_os_x2

Microsoft Security Bulletin Major Revisions - November 10, 2009

Don — Tue, 10 Nov 2009 22:44:00 GMT

Issued: November 10, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-051 - Critical
* MS09-045 - Critical

Bulletin Information:

* MS09-051 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
- Reason for Revision: V2.0 (November 10, 2009): Bulletin revised
to communicate the rerelease of the update for Audio
Compression Manager on Microsoft Windows 2000 Service Pack 4
to fix a detection issue. This is a detection change only;
there were no changes to the binaries. Customers who have
successfully updated their systems do not need to reinstall
this update. Also corrected the registry key verification for
DirectShow WMA Voice Codec on Windows Server 2003.
- Originally posted: October 13, 2009
- Updated: November 10, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS09-045 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
- Reason for Revision: V2.0 (November 10, 2009): Added JScript 5.7
on Microsoft Windows 2000 Service Pack 4 (KB975542) to the
Affected Software table and the Security Update Deployment section.
- Originally posted: September 8, 2009
- Updated: November 10, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

Microsoft Security Bulletin(s) for November 2009

Don — Tue, 10 Nov 2009 17:56:00 GMT

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···nov.mspx

Critical (3)

Microsoft Security Bulletin MS09-063
Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
»www.microsoft.com/technet/securi···063.mspx

Microsoft Security Bulletin MS09-064
Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
»www.microsoft.com/technet/securi···064.mspx

Microsoft Security Bulletin MS09-065
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
»www.microsoft.com/technet/securi···065.mspx

Important (3)

Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)
»www.microsoft.com/technet/securi···066.mspx

Microsoft Security Bulletin MS09-067
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
»www.microsoft.com/technet/securi···067.mspx

Microsoft Security Bulletin MS09-068
Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
»www.microsoft.com/technet/securi···068.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Microsoft Security Bulletin Advance Notification for Nov. 2009

Don — Thu, 05 Nov 2009 18:27:00 GMT

Microsoft Security Bulletin Advance Notification issued: November 5, 2009

Microsoft Security Bulletins to be issued: November 10, 2009

This is an advance notification of security bulletins that Microsoft is intending to release on November 10, 2009

3 rated Critical and 3 rated Important.

http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx

Microsoft Security Bulletin Minor Revisions - November 4, 2009

Don — Thu, 05 Nov 2009 09:05:00 GMT

Issued: November 4, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-062 - Critical
* MS09-061 - Critical
* MS09-060 - Critical
* MS09-055 - Critical
* MS09-044 - Critical

Bulletin Information:

* MS09-062 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
- Reason for Revision: V2.1 (November 4, 2009): Removed erroneous
references to Microsoft Office Visio Viewer 2007 as affected
software; corrected the setup switches for Microsoft .NET
Framework 1.1 and Microsoft .NET Framework 2.0; clarified the
entry, "If I have an installation of SQL Server, how am I
affected?" in the FAQ section; and corrected the removal
information for Microsoft Windows 2000.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS09-061 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
- Reason for Revision: V1.2 (November 4, 2009): Added an entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to explain this revision. Customers who have
successfully installed this update do not need to reinstall.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-060 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
- Reason for Revision: V1.2 (November 4, 2009): Removed erroneous
references to Microsoft Office Visio Viewer 2007 as affected software.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-055 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx
- Reason for Revision: V1.2 (November 4, 2009): Added three entries
in Frequently Asked Questions (FAQ) Related to This Security
Update to explain user options for Visio Viewer 2007 and
MS09-060. Also corrected the dll name for Visio Viewer in the
FAQ for CVE-2009-2493.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-044 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx
- Reason for Revision: V2.1 (November 4, 2009): Added a new known
issues entry to the Frequently Asked Questions (FAQ) Related
to This Security Update section.
- Originally posted: August 11, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 2.1

Microsoft Security Bulletin Major Revisions - November 2, 2009

Don — Tue, 03 Nov 2009 22:50:00 GMT

Issued: November 2, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-054 - Critical

Bulletin Information:

* MS09-054 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
- Reason for Revision: V2.0 (November 2, 2009): Revised to announce
the availability of a hotfix to address application
compatibility issues. Customers who have already applied this
update may install the hotfix from Microsoft Knowledge Base
Article 976749. Also corrected the log file names, spuninst
folder names, and registry key values for Microsoft Windows 2000.
- Originally posted: October 13, 2009
- Updated: November 2, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

Advance notification of Security Updates for Java SE

Don — Sat, 31 Oct 2009 14:27:00 GMT

On November 3, 2009, Sun will release the following security updates:

JDK and JRE 6 Update 17
JDK and JRE 5.0 Update 22
SDK and JRE 1.4.2_24
SDK and JRE 1.3.1_27

http://blogs.sun.com/security/entry/advance_notification_of_security_updates6