Friday 11 September 2009

Patch Tuesday Update - September 2009


Here is the update for September Microsoft Security Releases!
September 2009 brings a moderate Microsoft Patch Tuesday update from Microsoft with five CRITICAL Security updates. All five Microsoft Security Updates (MS09-45 to MS09-49) will require system reboots and relate to Remote Code Execution. The ChangeBASE team has raised the system reboot ratings for patch MS09-046 and MS09-047 to "Require a Reboot" from "May require a reboot" due to the nature of the files updated and the impact on standard desktop workstation environments.
The expectation from the ChangeBASE team is that the five September Microsoft updates are not likely to cause serious OS level or application compatibility issues. Sample results from the AOK report generator for Microsoft Office 2003 has been included here;





Testing Summary
  • MS09-045 : Marginal Impact (both Package level and dependencies) detected across portfolio.
  • MS09-046 : Marginal Impact (both Package level and dependencies) detected across portfolio.
  • MS09-047 : Marginal Impact (both Package level and dependencies) detected across portfolio.
  • MS09-048 : Marginal Impact (both Package level and dependencies) detected across portfolio.
  • MS09-049 : Marginal Impact (both Package level and dependencies) detected across portfolio.

<><><><> <><><><> <><><><> <><><><> <><><><>
Patch Name
Total
Issues
Matches
Affected
Reboot
Rating
RAG
Microsoft Security Bulletin MS09-045
<1%
<1%
YES
Critical
Green
Microsoft Security Bulletin MS09-046
<1%
<1%
YES
Critical
Green
Microsoft Security Bulletin MS09-047
<1%
<1%
YES
Critical
Green
Microsoft Security Bulletin MS09-048
<1%
<1%
YES
Critical
Green
Microsoft Security Bulletin MS09-049
<1%
<1%
YES
Critical
Green

Legend:
No Issue
No Issues Detected
Fixable
Potentially fixable application Impact
Serious
Serious Compatibility Issue

Security Update Detailed Summary
MS09-045
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
Description
This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Jscript.dll
Impact
Critical

MS09-046
Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
Description
This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Triedit.dll
Impact
Critical

MS09-047
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
Description
This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Wwmvcore.dll
Impact
Critical

MS09-048
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
Description
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Payload
Tcpip.sys, Tcpip6.sys, W03a3409.dll, Ww03a3409.dll
Impact
Critical

MS09-049
Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
Description
This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.
Payload
L2sechc.dll, L2sechc.mof, Gatherwirelessinfo.vbs, Gatherwirelessinfo.xslt, eport.system.wireless.xml, Rules.system.wireless.xml, Wireless diagnostics.xml, Wlan.mof, Wlan.tmf, Wlanapi.dll, Wlanhlp.dll, Wlanmsm.dll, Wlansec.dll, Wlansvc.dll
Impact
Critical


No comments: