Home > Microsoft Security > Microsoft Security Bulletin January 2009

Microsoft Security Bulletin January 2009

For more information, see Microsoft Knowledge Base Article 913086. For more information, see Microsoft Knowledge Base Article 913086. With the release of the security bulletins for January 2014, this bulletin summary replaces the bulletin advance notification originally issued January 9, 2014. This ActiveX control was never intended to be instantiated in Internet Explorer. check over here

Note SMS uses the Microsoft Baseline Security Analyzer to provide broad support for security bulletin update detection and deployment. Bulletin IDBulletin TitleCVE IDExploitability Index AssessmentKey Notes MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) CVE-2009-2526 3 - Functioning exploit code unlikelyThis is a limited denial of service vulnerability. By searching using the security bulletin number (such as, “MS07-036”), you can add all of the applicable updates to your basket (including different languages for an update), and download to the The vulnerabilities are listed in order of bulletin ID then CVE ID.

With the release of the bulletins for January 2009, this bulletin summary replaces the bulletin advance notification originally issued January 8, 2009. Microsoft is hosting a webcast to address customer questions on these bulletins on April 15, 2009, at 11:00 AM Pacific Time (US & Canada). International customers can receive support from their local Microsoft subsidiaries. You should review each software program or component listed to see whether any security updates pertain to your installation.

  1. For the out-of-band security bulletins added to Version 2.0 of this bulletin summary, MS09-034 and MS09-035, Microsoft is hosting two webcasts to address customer questions on these bulletins on July 28,
  2. and Canada can receive technical support from Security Support or 1-866-PCSAFETY.
  3. Note for MS09-010 See also the section, Microsoft Office Suites and Software, for more update files.
  4. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  5. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  6. MS09-013 Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) CVE-2009-0086 1 - Consistent exploit code likelyThis is an easily controllable memory vulnerability with multiple attack vectors and opportunities
  7. Note As of August 1, 2009, Microsoft discontinued support for Office Update and the Office Update Inventory Tool.

Disclaimer The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. How do I use this table? Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Windows Server Update Services (WSUS), Systems Management Server (SMS), and System Center Configuration Manager help administrators distribute security updates.

Other versions are past their support life cycle. Critical Remote Code ExecutionRequires restartMicrosoft Windows, Internet Explorer MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. V7.0 (January 12, 2010): Revised to add Windows Embedded CE 6.0 to affected software for MS09-035. Important Denial of ServiceRequires restartMicrosoft Forefront Edge Security MS09-015 Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) This security update resolves a publicly disclosed vulnerability in the Windows

Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! Much deserved after a very interesting December with high profile vulnerabilities that needed to be patched as soon as possible, especially MS08-078 which is still used by many malicious web pages Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. Important Denial of ServiceRequires restartMicrosoft Windows Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month.

Vela Nava "sirdarckcat" for reporting an issue described in MS10-002 Lostmon Lords for reporting an issue described in MS10-002 Brett Moore, working with TippingPoint and the Zero Day Initiative, for reporting To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. MS10-002 URL Validation Vulnerability CVE-2010-0027 1 - Consistent exploit code likely(None) MS10-002 Uninitialized Memory Corruption Vulnerability CVE-2010-0244 1 - Consistent exploit code likely(None) MS10-002 Uninitialized Memory Corruption Vulnerability CVE-2010-0245 NoneCustomers that Important Elevation of PrivilegeRequires restartMicrosoft ISA Server MS09-030 Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) This security update resolves a privately reported vulnerability in Microsoft Office Publisher

For more information see the TechNet Update Management Center. check my blog Microsoft Security Bulletin Summary for July 2009 Published: July 14, 2009 | Updated: March 09, 2010 Version: 8.0 This bulletin summary lists security bulletins released for July 2009. Important Remote Code ExecutionRequires restartMicrosoft Windows MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) This security update resolves several privately reported vulnerabilities in the Windows kernel. Update Compatibility Evaluator and Application Compatibility Toolkit Updates often write to the same files and registry settings required for your applications to run.

As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL How do I use this table? There is no charge for support calls that are associated with security updates. this content Download Microsoft Security Bulletin DataRelated Links Get security bulletin notificationsReceive up-to-date information in RSS or e-mail format.

Some security updates require administrative rights following a restart of the system. For more information about MBSA, visit Microsoft Baseline Security Analyzer. How do I use this table?

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Register now for the January Security Bulletin Webcast. To continue getting the latest updates for Microsoft Office products, use Microsoft Update. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application. Security updates are also available at the Microsoft Download Center. Includes all Windows content. have a peek at these guys For more information about how administrators can use SMS 2003 to deploy security updates, see SMS 2003 Security Patch Management.

Windows Operating System and Components Windows XP Bulletin Identifier MS14-002 MS14-003 Aggregate Severity Rating Important None Windows XP Service Pack 3 Windows XP Service Pack 3 (2914368) (Important) Not applicable Windows For details on affected software, see the next section, Affected Software.