Web search

Custom Search

Wednesday, 14 October 2009

MS October 2009 security issues

Parties of hotfix is the October 2009.

This month, MS published:

http://www.microsoft.com/technet/security/Bulletin/MS09-oct.mspx


Summary:

Microsoft has released 13 security bulletins listed below fixing a
number of vulnerabilities which affect various versions of Microsoft
products or components:

MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution
MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code
Execution
MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code
Execution
MS09-053 Vulnerabilities in FTP Service for Internet Information Services
Could Allow Remote Code Execution
MS09-054 Cumulative Security Update for Internet Explorer
MS09-055 Cumulative Security Update of ActiveX Kill Bits
MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing
MS09-057 Vulnerability in Indexing Service Could Allow Remote Code
Execution
MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of
Privilege
MS09-059 Vulnerability in Local Security Authority Subsystem Service Could
Allow Denial of Service
MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX
Controls for Microsoft Office Could Allow Remote Code Execution
MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime
Could Allow Remote Code Execution
MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution

To successfully exploit the vulnerabilities, a remote attacker could entice
a targeted user to open specially crafted media files, streaming content,
image files, web pages, .NET application or to load a specially crafted
ActiveX component. The attacker could also send specially crafted SMB
packet to an affected system or present a specially crafted certificate.

Microsoft October 2009 Black Tuesday Overview

More information about the vulnerabilities is available at:

More information about the vulnerabilities is available at:
http://www.microsoft.com/technet/security/Bulletin/MS09-050.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-051.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-052.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-057.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-058.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-061.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-062.mspx
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
http://secunia.com/advisories/36938/http://secunia.com/advisories/36944/
http://secunia.com/advisories/36979/http://secunia.com/advisories/36997/
http://secunia.com/advisories/36999/http://secunia.com/advisories/37000/
http://secunia.com/advisories/37001/http://secunia.com/advisories/37002/
http://secunia.com/advisories/37005/http://secunia.com/advisories/37006/
http://secunia.com/advisories/37007/http://secunia.com/advisories/37008/
http://www.vupen.com/english/advisories/2009/2886
http://www.vupen.com/english/advisories/2009/2887
http://www.vupen.com/english/advisories/2009/2888
http://www.vupen.com/english/advisories/2009/2889
http://www.vupen.com/english/advisories/2009/2890
http://www.vupen.com/english/advisories/2009/2891
http://www.vupen.com/english/advisories/2009/2892

http://www.vupen.com/english/advisories/2009/2893
http://www.vupen.com/english/advisories/2009/2894
http://www.vupen.com/english/advisories/2009/2895
http://www.vupen.com/english/advisories/2009/2896
http://www.vupen.com/english/advisories/2009/2897
http://xforce.iss.net/xforce/xfdb/48293http://xforce.iss.net/xforce/xfdb/48294http://xforce.iss.net/xforce/xfdb/52780http://xforce.iss.net/xforce/xfdb/53511http://xforce.iss.net/xforce/xfdb/53514http://xforce.iss.net/xforce/xfdb/53525http://xforce.iss.net/xforce/xfdb/53526http://xforce.iss.net/xforce/xfdb/53527http://xforce.iss.net/xforce/xfdb/53528http://xforce.iss.net/xforce/xfdb/53529http://xforce.iss.net/xforce/xfdb/53530http://xforce.iss.net/xforce/xfdb/53532http://xforce.iss.net/xforce/xfdb/53535http://xforce.iss.net/xforce/xfdb/53538http://xforce.iss.net/xforce/xfdb/53539http://xforce.iss.net/xforce/xfdb/53540http://xforce.iss.net/xforce/xfdb/53542http://xforce.iss.net/xforce/xfdb/53545http://xforce.iss.net/xforce/xfdb/53546http://xforce.iss.net/xforce/xfdb/53547http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=828http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=829


http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0090
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0091
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0555
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1547http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2495http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2497http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2500http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2501http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2502http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2503http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2504http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2507http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2510http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2511http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2515http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2516http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2517http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2518http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2521
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2524
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2525
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2526
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2527
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2528
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2529
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2530
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2531
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2532
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3023
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3103
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3126
Posted by Lofan at 17:34
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

uchrin

technorati