Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Microsoft September Security Updates - includes new OGA component

At home, I have both DSL for our best PC and dial-up for an older "cash for clunkers" family PC. It still runs XP SP3 fairly well and it's used mainly for browsing, email, and posting to some of the security forums I belong to. We plan to upgrade later in the Fall with a new Windows 7 PC when this becomes available.

Usually on the dial-up PC, I'll choose Custom, select all items, and let it run in an unattended and standalone mode. Right after our President's address on Wednesday, I started the Microsoft Update process and watched the Yankees v. Rays on ESPN. After a busy day at work, I fell asleep.

After waking up hours later, I found that my updates had not started. I had missed that an EULA was presented for the new Office Genuine Advantage (OGA) facility, which will be used to validate Office (in a similar fashion as WGA validates Windows authenticity).

I comply with these anti-piracy programs. WGA has been improved since its initial introduction. I then selected OGA standalone, accepted the EULA, and applied it. I then restarted the Microsoft Update process to ensure it would complete well unattended. Each user can decide whether to opt in or out of OGA, but it's an added item to consider this month.

As Jerry Bryant's MSRC write-up describes, there are 2 highly critical items that make September's update a PATCH NOW priority. The updates and OGA are all working well on my home and work PCs.


Microsoft September 2009 Security Updates
http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx
http://isc.sans.org/diary.html?storyid=7099
http://blogs.technet.com/msrc/archive/2009/09/08/september-2009-security-bulletin-release.aspx

QUOTE: As you can see, we give MS09-045 and MS09-047 the highest deployment priority mainly due to these being browse and own attack scenarios and a high exploitability index rating. Exploits for MS09-047 can also be created through specially crafted files such as ASF and MP3 audio files. These files could then be sent via email.