Home > Microsoft Security > Ms12-027

Ms12-027

Contents

SMS 2.0 users can also use the Software Updates Services Feature Pack to help deploy security updates. You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Microsoft Security Bulletin Summary for April 2009 Published: April 14, 2009 | Updated: April 16, 2009 Version: 1.1 This bulletin summary lists security bulletins released for April 2009.

Some software updates may not be detected by these tools. Critical Remote Code ExecutionMay require restartMicrosoft Office MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) This security update resolves three privately reported vulnerabilities in An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. The vulnerabilities could not be exploited remotely or by anonymous users.

Ms12-027

TechNet Products Products Windows Windows Server System Center Browser   Office Office 365 Exchange Server   SQL Server SharePoint Products Skype for Business See all products » IT Resources Resources Evaluation Detection and Deployment Tools and Guidance Security Central Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization. The other applicable versions are rated as Important.

For more information, see Microsoft Security Bulletin Summaries and Webcasts. Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2009 Security Intelligence Best Practices help organizations secure business applications and processes by identifying, preventing, and adapting to threats. Important Denial of ServiceRequires restartMicrosoft Windows Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation

Includes all Windows content. Cve-2012-0158 For more information, see Microsoft Security Bulletin Summaries and Webcasts. To continue getting the latest updates for Microsoft Office products, use Microsoft Update. See the other tables in this section for additional affected software.

You should review each software program or component listed to see whether any security updates pertain to your installation. For more information about available support options, see Microsoft Help and Support. How do I use this table? Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems.

Cve-2012-0158

Customers who have already applied this update may install the hotfix from Microsoft Knowledge Base Article 976749. The vulnerabilities could not be exploited remotely or by anonymous users. Ms12-027 Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2016 Microsoft © 2016 Microsoft

Use these tables to learn about the security updates that you may need to install. You’ll be auto redirected in 1 second. The last thing I will mention is the fact that the Microsoft Security Intelligence Report Volume 6 provides insights into document file formats vulnerabilities and common exploitation techniques. For more information on this installation option, see Server Core.

MS09-010 This bulletin addresses four remote code execution vulnerabilities in Microsoft WordPad and Microsoft Office text converters. Other Information Microsoft Windows Malicious Software Removal Tool Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, This documentation is archived and is not being maintained.

To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Security updates are also available at the Microsoft Download Center. Microsoft Developer Tools and Software Microsoft Silverlight Bulletin Identifier MS09-061 MS09-062 Aggregate Severity Rating Critical None Microsoft Silverlight Microsoft Silverlight 2 [1] when installed on Mac(KB970363)(Critical)Not applicable Microsoft Silverlight Microsoft Silverlight See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]> TechNet Products Products Windows Windows Server System Center Browser V1.1 (June 10, 2009): Corrected the rating and key notes for CVE-2009-1138 in the Exploitability Index.

Revisions V1.0 (June 9, 2009): Bulletin Summary published. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Office Suites and Software Microsoft Office Suites, Systems, and Components Bulletin Identifier MS09-010 MS09-009 Aggregate Severity Rating Critical Critical Microsoft Office 2000 Service Pack 3 Microsoft Office Word 2000 Service Critical Remote Code ExecutionMay require restartMicrosoft Windows MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) This security update resolves a privately reported vulnerability in Windows Media Player.

Important Remote Code ExecutionMay require restartMicrosoft Office Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. Note You may have to install several security updates for a single vulnerability. Updates from Past Months for Windows Server Update Services. Microsoft Office Services and Web Apps Microsoft SharePoint Server 2007 Bulletin Identifier MS16-042 Aggregate Severity Rating Important Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions) Excel Services(3114897)(Important) Microsoft SharePoint Server

For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. for working with us on an issue described in MS09-019 Jorge Luis Alvarez Medina of Core Security Technologies for reporting an issue described in MS09-019 Haifei Li of Fortinet’s FortiGuard Global Not applicable Not applicable Not applicable Affected Software The following tables list the bulletins in order of major software category and severity. Cisco Applied Mitigation Bulletin: Understanding Cross-Site Scripting (XSS) Threat Vectors (MS09-016: CVE-2009-0237) will provide operators and administrators with knowledge about XSS attack vectors as well as techniques which can be used

Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you!