Windows updates for October 2009
MWahl | October 12, 2009 | 5:58 pmWith nine “Critical” and five “Important” updates, October’s patch Tuesday is going to be pretty important to say the least.
Microsoft will be addressing at least 34 vulnerabilities.
See the complete details here….http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx
| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Critical |
May require restart |
Microsoft Windows |
|
|
Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability. |
Critical |
Requires restart |
Microsoft Windows |
|
|
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Critical |
May require restart |
Microsoft Windows |
|
|
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
Critical |
Requires restart |
Microsoft Windows |
|
|
Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Critical |
May require restart |
Microsoft Windows |
lopsa
