Home > Microsoft Security > Microsoft Security Updates For May 2009

Microsoft Security Updates For May 2009

Critical Remote Code ExecutionRequires restartMicrosoft Windows, Internet Explorer MS09-009 Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) This security update resolves a privately reported vulnerability and a publicly Posted by Corrine Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest Labels: Microsoft, Security, Updates, Vulnerabilities, Windows No comments: Post a Comment Newer Post Older Post Home Subscribe to: Post Comments Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. You’ll be auto redirected in 1 second. navigate here

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion Additionally, bulletin information in the Common Vulnerability Reporting Framework (CVRF) format is available. MS09-017 is being rereleased to provide security update packages for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5, and Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-035 Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) CVE-2009-2495 3 - Functioning exploit code unlikelyInformation disclosure bug only with no threat of code execution. Use these tables to learn about the security updates that you may need to install. One vulnerability, which is described in CVE-2009-0556 and IntelliShield alert 17966, is being actively exploited in the wild.

V1.1 (May 13, 2009): Removed an erroneous note for MS09-017 pertaining to security updates KB969618 and KB957789 for supported versions of Microsoft Office PowerPoint 2007. Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Security ImpactRestart RequirementAffected Software MS09-002 Cumulative Security Update for Internet Explorer (961260) This security update resolves two privately reported vulnerabilities. Some security updates require administrative rights following a restart of the system. For details on affected software, see the next section, Affected Software and Download Locations.

Code execution is highly improbable. *This pair of vulnerabilities, assigned the same CVE number, is addressed in two security updates. Attacks exploiting this vulnerability will likely result only in denial of service, not remote code execution.  MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) CVE-2008-5416 1 - After this date, this webcast is available on-demand. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY.

International customers can receive support from their local Microsoft subsidiaries. Critical Remote Code ExecutionMay require restartMicrosoft Office MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) This security update resolves several privately reported vulnerabilities that could allow remote There is no charge for support calls that are associated with security updates. This guidance will also help IT professionals understand how they can use various tools to help deploy the security update, such as Windows Update, Microsoft Update, Office Update, the Microsoft Baseline

The next release of SMS, System Center Configuration Manager 2007, is now available; see also System Center Configuration Manager 2007. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. There is no charge for support calls that are associated with security updates. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

Customers in the U.S. check over here MS09-012 Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) CVE-2009-0078 1 - Consistent exploit code likely This vulnerability is currently being exploited in the Internet ecosystem. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. Security updates are available from Microsoft Update, Windows Update, and Office Update.

and Canada can receive technical support from Security Support or 1-866-PCSAFETY. Please see the section, Other Information. Detection and Deployment Guidance Microsoft has provided detection and deployment guidance for this month’s security updates. http://0pacity.com/microsoft-security/microsoft-security-essentials-xp.html The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or

In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and You should review each software program or component listed to see whether any security updates pertain to your installation.

To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Attacks against later versions of Office are unlikely to result in code execution. You should review each software program or component listed to see whether any security updates pertain to your installation. Microsoft Security Bulletin Summary for May 2009 Published: May 12, 2009 | Updated: June 09, 2009 Version: 2.0 This bulletin summary lists security bulletins released for May 2009. MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) CVE-2009-0235 1 - Consistent exploit code likelyThis memory corruption vulnerability is easily exploitable.

IT Pro Security Community Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community. Critical Remote Code ExecutionRequires restartMicrosoft Windows, Internet Explorer MS09-033 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) This security update resolves a privately reported vulnerability in Microsoft Office Suites and Software Microsoft Office Visio Bulletin Identifier MS09-005 Aggregate Severity Rating Important Microsoft Office Visio 2002 Microsoft Office Visio 2002 Service Pack 2 (KB955654)(Important) Microsoft Office Visio 2003 weblink MS09-019 Cumulative Security Update for Internet Explorer (969897) CVE-2007-3091 3 - Functioning exploit code unlikely(None) MS09-019 Cumulative Security Update for Internet Explorer (969897) CVE-2009-1140 3 - Functioning exploit code unlikelyThis is

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Finally, security updates can be downloaded from the Microsoft Update Catalog.

V2.0 (June 9, 2009): Revised to announce rerelease of MS09-017. Some software updates may not be detected by these tools. Alternatively, you can temporarily force all legacy PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE). The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs.

If a software program or component is listed, then the available software update is hyperlinked and the severity rating of the software update is also listed. This documentation is archived and is not being maintained. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.