Skip to main content

Month Archives: August 2009

August 2009 Security Bulletin Webcast Video and Customer Q and A

Friday, August 14, 2009

As we do every month on the Wednesday following our standard second Tuesday security bulletin release, we conducted a live webcast where Adrian Stone and myself went through the bulletins in detail and then answered customer questions with the help of several subject matter experts (SMEs). It is apparent that there is still a bit of confusion around the Active Template Library (ATL) issue and how current updates relate to work we have already done to provide mitigations, protections and guidance to customers.

Monthly Security Bulletin Webcast Q&A - August 2009

Thursday, August 13, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: August 2009 Security Bulletin Date: Wednesday, August 11, 2009** Q: Regarding the re-release of MS09-029. Why it was re-released? Is it recommended to install? A: This update was re-released to correct an issue affecting the print spooler in certain circumstances.

August 2009 Bulletin Release

Tuesday, August 11, 2009

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.

MS09-037: Why we are using CVE's already used in MS09-035

Tuesday, August 11, 2009

MS09-035 was released July 28 to address vulnerabilities in the Visual Studio Active Template Library (ATL). A related security update, MS09-034, included a defense-in-depth Internet Explorer mitigation to help protect against attacks in vulnerable components. This morning, we released security bulletin MS09-037 to addresses the ATL vulnerabilities in several Windows components.

MS09-039: More information about the WINS security bulletin

Tuesday, August 11, 2009

This morning, we released security update MS09-039 addressing vulnerabilities in the Microsoft Windows Internet Name Service (WINS). In this blog post, we’d like to help you understand the following: What is the risk of this vulnerability? Why is it rated Critical? What is Microsoft doing to prevent a “WINS worm?” What you can do to protect your environment?