Microsoft Security Bulletin January 2009

Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates. The next release of SMS, System Center Configuration Manager 2007, is now available; see also System Center Configuration Manager 2007. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

MS09-013 | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) | CVE-2009-0089 | 1 - Consistent exploit code likely | (None)

MS09-013 | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Some software updates may not be detected by these tools. Microsoft Security Bulletin Summary for January 2010 Published: January 12, 2010 | Updated: January 21, 2010 Version: 2.0 This bulletin summary lists security bulletins released for January 2010. The attacker might be able to exploit the vulnerability and take control over the targeted system though I personally cannot see this being used in malware. Public proof of concept code exists to exercise this vulnerability for remote denial of service.

However, this security update is being offered to developers who use this software so that they may issue their own updated version of their applications. For more information see the TechNet Update Management Center. Revisions V1.0 (January 12, 2010): Bulletin Summary published.

Afterwards, these webcasts are available on-demand. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Please see the section, Other Information. Customers using the Windows Embedded CE 6.0 platform should consider applying the cumulative update. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Finally, security updates can be downloaded from the Microsoft Update Catalog.

The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. To continue getting the latest updates for Microsoft Office products, use Microsoft Update. You should review each software program or component listed to see whether any security updates pertain to your installation.

  • MS09-034 | Cumulative Security Update for Internet Explorer (972260) | CVE-2009-1919 | 2 - Inconsistent exploit code likely | Functional code execution is possible with inconsistent exploitation results.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files.
  • How do I use these tables?
  • Use this table to learn about the likelihood of functioning exploit code being released within 30 days of security bulletin release, for each of the security updates that you may need
  • Critical | Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer
    MS09-009 | Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) This security update resolves a privately reported vulnerability and a publicly
  • Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software
    MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) This security update resolves one publicly disclosed and
  • Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.
  • However, as a defense-in-depth measure to protect against any possible new vectors identified in the future, Microsoft recommends that customers of this software apply this security update.
  • The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component.

Affected Software and Download Locations

The following tables list the bulletins in order of major software category and severity. For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services.

Microsoft Server Software

Microsoft Exchange Server
Bulletin Identifier | MS09-003
Aggregate Severity Rating | Critical
Microsoft Exchange 2000 Server | Microsoft Exchange 2000 Server Service Pack 3 with the Update Rollup of August 2004

For more information about MBSA, visit Microsoft Baseline Security Analyzer. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue. For more information about how administrators can use SMS 2003 to deploy security updates, see SMS 2003 Security Patch Management. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. Also added the bulletin webcast link for this out-of-band security bulletin. How do I use these tables? Support The affected software listed has been tested to determine which versions are affected.

For details on affected software, see the next section, Affected Software. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Obtaining Other Security Updates

Updates for other security issues are available from the following locations: Security updates are available from Microsoft Download Center.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. MS14-003 Win32k Window Handle Vulnerability CVE-2014-0262 Not affected 1 - Exploit code likely Permanent (None) MS14-004 Query Filter DoS Vulnerability CVE-2014-0261 3 - Exploit code unlikely 3 - Exploit code unlikely

For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index. He has been working for Sophos since 1998.

Bulletin ID | Vulnerability Title | CVE ID | Exploitability Index Assessment | Key Notes
MS10-001 | Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability | CVE-2010-0018 | 2 - Inconsistent exploit code likely | This exploitability index assessment applies to

For more information about this procedure, see Deploying Software Updates Using the SMS Software Distribution Feature.

The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file.

Critical | Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer
MS09-055 | Cumulative Security Update of ActiveX Kill Bits (973525) This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls