Monday, October 19, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead** Website: TechNet/security Chat Topic: October 2009 Security Bulletin Date: Wednesday, October 14, 2009 Q: In reference to MS09-053, are all Internet Information Services (IIS) servers affected or only IIS servers running File Transfer Protocol (FTP)?
Tuesday, October 13, 2009
Hello world! Remember Mad Libs? How about Scrabble, when you’d try making up words that sound legit just to be de-bluffed by your friend. Playing these games provides endless hours of fun with words and letters. In software and the Internet, words, letters, and text are everything. Whether you’re up in the cloud, down in the code, or consuming the content—written language is the information that’s central to it all.
Tuesday, October 13, 2009
Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”?
Monday, October 12, 2009
This morning we released 13 security bulletins, our largest release of 2009. Altogether, these bulletins address 34 separate CVEs. We’d like to use this blog post to help you prioritize your deployment of the updates. Prioritization Criteria We’ve provided a prioritized list of bulletins in the table below. The prioritization is based on the following criteria:
Monday, October 12, 2009
This month we are releasing update MS09-050 to address the SMBv2 RCE vulnerability (CVE-2009-3103). Due to the fact that public exploit code exists for this vulnerability, we felt it would be good to summarize the exploit landscape at the time of release, so customers can use this information to prioritize the deployment of the update.
Monday, October 12, 2009
MS09-051 addresses a vulnerability (CVE-2009-0555) in the speech codec of Microsoft Window Media Component. Users of Windows XP/Windows Vista/Windows Server 2003/Windows Server 2008* are affected by this vulnerability. However, for Win2k users, the story is more complex and we would like to go into more detail in this blog. *Windows Server 2008 Core installation is not affected.
Monday, October 12, 2009
MS09-054 addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. First we’d like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector. And most customers need not take any action as they’ll receive this update automatically through Automatic Updates.
Monday, October 12, 2009
MS09-056 addresses two vulnerabilities that affect how the Windows CryptoAPI parses X.509 digital certificates. Applications on the Windows platform as well as Windows components such as the WinHTTP API can call into the CryptoAPI which provides cryptographic services to validate digital certificates. Internet Explorer, for instance, uses the CryptoAPI to parse and validate the certificate of remote web servers while browsing.
Monday, October 12, 2009
MS09-061 fixes vulnerabilities in the .NET Framework which could allow malicious .NET applications execute arbitrary native code, resulting in remote code execution. This post is intended to help clarify the attack vectors for these vulnerabilities, and to cover recommended workarounds. **Important note: **These vulnerabilities in the .NET framework do not affect applications built on the .
Monday, October 12, 2009
MS09-062 fixes several vulnerabilities in GDI+ related to image parsing. It also includes a feature which allows administrators to disable parsing for each of the different image formats. This feature was publicly released early this year in an optional GDI+ update available on the Microsoft Download Center, but is now being release as part of this bulletin.
