Author Topic: Patch Tuesday - aka Microsoft Update  (Read 7130 times)

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
Patch Tuesday - aka Microsoft Update
« on: April 14, 2009, 05:05:53 PM »
There were a lot of security fixes pushed out last night/this morning via Microsoft Update.

Please make sure that all of your Windows systems are patched and up to date.

Just run Microsoft Update from the control panel.

T3RR0R15T

  • Map Committee
  • Autococker
  • Posts: 2593
Re: Patch Tuesday - aka Microsoft Update
« Reply #1 on: April 15, 2009, 07:36:31 AM »
Done.

eMo

  • VM-68
  • Posts: 184
Re: Patch Tuesday - aka Microsoft Update
« Reply #2 on: April 15, 2009, 08:30:26 AM »
XP / Vista?
both?

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
Re: Patch Tuesday - aka Microsoft Update
« Reply #3 on: April 15, 2009, 08:59:15 AM »
XP / Vista?
both?

Everything Microsoft OS
Server/XP/Vista

Justinph5

  • Autococker
  • Posts: 1159
Re: Patch Tuesday - aka Microsoft Update
« Reply #4 on: April 15, 2009, 09:22:15 AM »
so that's why my computer was restarted this morning.    (windows 7 also) ;)

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
Re: Patch Tuesday - aka Microsoft Update
« Reply #5 on: April 15, 2009, 09:57:21 AM »
Bingo

btw - you can change that setting so that Microsoft Update wil ldownload all ofthe updates, then you can decide when you want them to be installed.

Me, I always want to know what's getting installed so I elect when the updates get installed.

Justinph5

  • Autococker
  • Posts: 1159
Re: Patch Tuesday - aka Microsoft Update
« Reply #6 on: April 15, 2009, 10:02:06 AM »
eh, I'd rather have it restart automatically, so I don't have to go through it, then wait for the pop-up to show that new stuff has been installed, and what. It only installs the critical updates automatically though.

Zorchenhimer

  • Autococker
  • Posts: 2614
Re: Patch Tuesday - aka Microsoft Update
« Reply #7 on: April 15, 2009, 11:07:34 AM »
So what kind of things were fixed in this update (I'm too lazy to look it up without my laptop on)?

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
Re: Patch Tuesday - aka Microsoft Update
« Reply #8 on: April 15, 2009, 12:33:08 PM »
"MS09-010
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)

This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.


MS09-013
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-014
Cumulative Security Update for Internet Explorer (963027)

This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-009
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)

This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

MS09-016
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

MS09-015
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances."




Zorchenhimer

  • Autococker
  • Posts: 2614
Re: Patch Tuesday - aka Microsoft Update
« Reply #9 on: April 15, 2009, 04:25:32 PM »
Holy crap.  That's allot of vulnerabilities that should have been there in the first place.  :P