Microsoft September Security Updates - includes new OGA component
At home, I have both DSL for our best PC and dial-one for an older "cash for clunkers" family PC. It still runs XP SP3 fairly well and it's used mainly for browing, email, and posting to some of the security forums I belong to. We plan to upgrade later in the Fall with a new Windows 7 PC when this becomes available.
Usually on the dial-up PC, I'll choose Custom, select all items, and let it run in an unattended and standalone mode. Right after our President's address on Wednesday, I started the Microsoft Update process and watched the Yankess v. Rays on ESPN. After a busy day at work, I fell asleep.
After waking up hours later, I found that my updates had not started. I had missed an EULA was presented for the new Office Genuine Advantage (OGA) facility which will be used to validate Office (in the a similar fashion as WGA validates Windows authenticity.
I comply with these anti-piracy programs. WGA has been improved since it's initial introduction. I then selected OGA standalone, accepted the EULA, and applied it. I then restarted the Microsoft Update process to ensure it would complete well unattended. Each user can decide whether to opt in or out of OGA, but it's an added item to consider this month.
As Jerry Bryant's MSRC write up describes, there are 2 highly critical items that make September's update a PATCH NOW priority. The updates and OGA are all working well on my home and work PCs
Microsoft September 2009 Security Updates
QUOTE: As you can see, we give MS09-045 and MS09-047 the highest deployment priority mainly due to these being browse and own attack scenarios and a high exploitability index rating. Exploits for MS09-047 can also be created through specially crafted files such as ASF and MP3 audio files. These files could then be sent via email.