Home > Microsoft Security > Microsoft Security Bulletin Summary For December 2009

Microsoft Security Bulletin Summary For December 2009

Contents

The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx. This is because this vulnerability was first addressed in MS09-035.) See also the same CVE number in MS09-055. Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity. http://qaisoftware.com/microsoft-security/microsoft-security-update-april-2009.html

For more information about how administrators can use SMS 2003 to deploy security updates, see SMS 2003 Security Patch Management. For more information, see About Microsoft Office Update: Frequently Asked Questions. With the release of the bulletins for October 2009, this bulletin summary replaces the bulletin advance notification originally issued October 8, 2009. Posted in Security Alerts | No Comments » Tagged With: Address • Arbitrary Code • Attacker • Bulletins • Denial Of Service • Internet Explorer • Microsoft • Microsoft Net https://technet.microsoft.com/en-us/library/security/ms09-dec.aspx

Microsoft Security Bulletins

To continue getting the latest updates for Microsoft Office products, use Microsoft Update. Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) CVE-2009-2510 3 - Functioning exploit code unlikelyThis is a spoofing vulnerability.

  1. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  2. V3.1 (November 4, 2009): Removed erroneous references to the original release version of Microsoft Office Visio Viewer 2007 as affected software in MS09-060 and MS09-062.
  3. This bulletin spans more than one software category.
  4. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers

Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners. Microsoft Security Bulletin October 2016 DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

For more information, see Microsoft Knowledge Base Article 913086. Microsoft Patch Tuesday Please refer to our CNET Forums policies for details. Other Information Microsoft Windows Malicious Software Removal Tool Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, https://technet.microsoft.com/en-us/library/security/ms09-jul.aspx Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later,

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft Security Bulletin November 2016 SHOW ME NOW © CBS Interactive Inc.  /  All Rights Reserved. for reporting an issue described in MS09-054 Mark Dowd of IBM ISS X-Force for reporting an issue described in MS09-054 TippingPoint and the Zero Day Initiative for reporting an issue described Register now!

Microsoft Patch Tuesday

Some software updates may not be detected by these tools. You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit 5.0. Microsoft Security Bulletins Critical Remote Code ExecutionMay require restartMicrosoft Office MS09-072 Cumulative Security Update for Internet Explorer (976325) This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. Microsoft Security Bulletin August 2016 Disruptive posting: Flaming or offending other usersIllegal activities: Promote cracked software, or other illegal contentOffensive: Sexually explicit or offensive languageSpam: Advertisements or commercial links Submit report Cancel report Track this discussion

Most likely result is denial of service. his comment is here Administrators are encouraged to note these issues and test for any potentially adverse effects. Important Remote Code ExecutionMay require restartMicrosoft Windows MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Microsoft Security Bulletin June 2016

MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) CVE-2009-2507 2 - Inconsistent exploit code likely(None) MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) CVE-2009-2515 2 V4.1 (January 12, 2010): Removed Microsoft Expression Web, Microsoft Expression Web 2, Microsoft Office Groove 2007, and Microsoft Office Groove 2007 Service Pack 1 as affected software for MS09-062. To continue getting the latest updates for Microsoft Office products, use Microsoft Update. http://qaisoftware.com/microsoft-security/microsoft-security-essentials-2009-free-download.html Detection and Deployment Guidance Microsoft provides detection and deployment guidance for security updates.

For more information about how to contact Microsoft for support issues, visit International Help and Support. Microsoft Patch Tuesday October 2016 Updates for consumer platforms are available from Microsoft Update. All customers who have already installed the original update are already protected.

This bulletin spans more than one software category.

Discussion is locked Flag Permalink You are posting a reply to: Microsoft Security Bulletin Summary for December 2009 The posting of advertisements, profanity, or personal attacks is prohibited. For more information about how administrators can use SMS 2003 to deploy security updates, see SMS 2003 Security Patch Management. Use these tables to learn about the security updates that you may need to install. Microsoft Patch Tuesday July 2016 Register now for the July 28, 1:00 PM Webcast and the July 28, 4:00 PM Webcast.

Download Microsoft Security Bulletin DataRelated Links Get security bulletin notificationsReceive up-to-date information in RSS or e-mail format. Original Advisory: http://www.microsoft...n/MS09-069.mspx___ Edited by apluswebmaster, 13 December 2009 - 07:26 AM. .The machine has no brain. ......... This can trigger incompatibilities and increase the time it takes to deploy security updates. navigate here Critical Remote Code ExecutionRequires restartMicrosoft Windows MS09-069 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) This security update resolves a privately reported vulnerability in Microsoft Windows.

The content you requested has been removed. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Legal Information . Detection and Deployment Tools and Guidance Security Central Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization.

You can find them most easily by doing a keyword search for "security update". MS09-070 Remote Code Execution in ADFS Vulnerability CVE-2009-2509 1 - Consistent exploit code likelyThe vulnerability is only exploitable by an authenticated attacker. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. Includes all Windows content.

The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. We appreciate your feedback.

For more information about this procedure, see Deploying Software Updates Using the SMS Software Distribution Feature. DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied. by DarkFiber Consulting Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010.