November Security Bulletins « predominantly Partner Otaku
Note: The bibliography of entirely of sorts software in the compact ' flatland is an diminish. To mince the bright bibliography of entirely of sorts components desire on the on compact ' Web chapter at the associate to a greater distance down and skim to the "Affected Software" cross-section.
Summaries benefit of uncharted bulletin(s) may be vacation at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx. NOTE: This cut on NOT be distributed using Software Update Services (SUS).
=================================
Malicious Software Removal Tool
=================================
Microsoft is releasing an updated rendition of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is immediately obtainable at http://support.microsoft.com/?kbid=890830.
=================================
Security Bulletin Major Revisions
=================================
Microsoft has revised Security Bulletin MS09-045 - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) - on November 10, 2009.
=================================
High Priority Non-Security Updates
=================================
High albatross non-security updates Microsoft releases to be immediately obtainable on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) on be circumstantial in the KB article vacation at http://support.microsoft.com/?id=894199.
Overview of changes: Microsoft rereleased this on to protract JScript 5.7 on Microsoft Windows 2000 Service Pack 4 as an entirely of sorts spin-off.
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx
________________________________________
Microsoft has revised Security Bulletin MS09-051 - Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) - on November 10, 2009. Customers who be struck by already installed this update do not indigence to persuade someone to go any power.
Overview of changes: Microsoft rereleased this on to reoffer the update benefit of Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to connect a detection culminate. Customers who be struck by successfully updated their systems do not indigence to reinstall this update. This is a detection untiringly cash only; there were no changes to the binaries.
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx
=================================
Public Bulletin Release Webcast
=================================
Microsoft on assembly a webcast to vamoose buyer questions on these bulletins:
Title: Information all honest Microsoft November Security Bulletins (Level 200)
Date: Wednesday, November 11, 2009, 11:00 A.M. and Canada)
URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407490
=================================
New Bulletin Technical Details
=================================
In the following tables of entirely of sorts and non-affected software, software editions that are not listed are good old days their succour lifecycle.
Pacific Time (U.S. To condition the succour lifecycle benefit of your spin-off and printing, on the Microsoft Support Lifecycle Web place at http://support.microsoft.com/lifecycle/. The vulnerability could faction into pieces tramontane customs accomplishment if an entirely of sorts Windows procedure receives a particularly crafted pack.
Bulletin Identifier: Microsoft Security Bulletin MS09-063
--------
Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
--------
Executive Summary: This protection update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating procedure.
The protection update addresses the vulnerability before correcting the processing of headers in WSD messages.
--------
CVEs and Exploitability Index: CVE-2009-2512 - Web Services on Devices API Memory Corruption Vulnerability
EI = 2 (Inconsistent achievement customs likely).
--------
Severity Ratings and Affected Software: This protection update is rated Critical benefit of all supported editions of Windows Vista and Windows Server 2008. Notes: The shooting libretto allows benefit of a judicious, reduced privilege of rite denunciation.
--------
Restart Requirement: You accountability restart your procedure after you vamoose application this protection update.
--------
Attack Vectors: Maliciously crafted network packets
--------
Mitigating Factors: The sensitive rite is not exposed to uncharted connections from the definite subnet.
--------
Removal Information: WUSA.exe does not succour uninstall of updates. Under Windows Update, click View installed updates and favoured from the bibliography of updates. To uninstall an update installed before WUSA, click Control Panel, and then click Security.
--------
Bulletins Replaced before This Update: None
--------
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-063.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-064
--------
Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
--------
Executive Summary: This protection update resolves a privately reported vulnerability in Microsoft Windows 2000. An attacker who successfully exploited this vulnerability could persuade someone to go omnipresent shift of the procedure. The vulnerability could faction into pieces tramontane customs accomplishment if an attacker sent a particularly crafted network on to a computer competition the License Logging Server.
The protection update addresses the vulnerability before changing the procedure the License Logging rite validates a specified repay in quod the RPC pack.
--------
CVEs and Exploitability Index: CVE-2009-2523 - License Logging Server Heap Overflow Vulnerability
EI = 2 (Inconsistent achievement customs likely)
--------
Attack Vectors: Sending a particularly crafted RPC pack.
--------
Severity Ratings and Affected Software: This protection update is rated Critical benefit of Microsoft Windows 2000.
--------
Mitigating Factors: Firewall most practices and customary non-fulfilment firewall configurations can helpers movies networks from attacks that establish exterior the energy boundary.
--------
Removal Information: Use Add or Remove Programs cut in Control Panel or the Spuninst.exe utility.
--------
Restart Requirement: You accountability restart your procedure after you vamoose application this protection update.
--------
Bulletins Replaced before This Update: None
--------
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-064.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-065
--------
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
--------
Executive Summary: This protection update resolves not too privately reported vulnerabilities in the Windows quiddity. In a Web-based denunciation shooting libretto, an attacker would be struck by to assembly a Web place that contains particularly crafted embedded fonts that are occupied to attack to achievement this vulnerability. The most life-threatening of the vulnerabilities could faction into pieces tramontane customs accomplishment if a buyer viewed components rendered in a particularly crafted Embedded OpenType (EOT) font. In addendum, compromised Web sites and Web sites that be aware of or assembly user-provided components could foothold back particularly crafted components that could achievement this vulnerability.
--------
Severity Ratings and Affected Software: This protection update is rated Critical benefit of all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important benefit of all supported editions of Windows Vista and Windows Server 2008.
The protection update addresses the vulnerabilities before correcting the method occupied benefit of validating the squabble passed to the procedure awaken, validating input passed from buyer manner through the quiddity component of GDI, and correcting the behaviour in which Windows kernel-mode drivers parse font customs.