security bulletin
We have released the 4 security updates for February 2009.  A Summary of these bulletins is below with links to further technical details in each bulletin ID link.  We are also releasing Security Advisory (960715) – Update Rollup for ActiveX Kill Bits.  A summary of that is further down in the post.

Bulletin ID Bulletin Title

Maximum Severity Rating

Security Impact

Restart Requirement Affected Software
MS09-002 Cumulative Security Update for Internet Explorer

Critical

Remote Code Execution Requires Restart Microsoft Windows, Internet Explorer
MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Critical

Remote Code Execution May Require Restart Microsoft Exchange Server
MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Important

Remote Code Execution May Require Restart Microsoft SQL Server
MS09-005 Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

Important

Remote Code Execution May Require Restart Microsoft Office

Summaries of these bulletins can be found here. 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available here.

New Security Advisory

We are also releasing a new set of ActiveX Kill Bits with Security Advisory (960715) - Update Rollup for ActiveX Kill Bits. The update includes kill bits for previously published Microsoft security bulletins:

 MS08-070, Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) Details here.

 

The update also includes kill bits for the following third-party software:

Akamai Download Manager: This security update sets a kill bit for an ActiveX control developed by Akamai Technologies. Akamai Technologies has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Akamai Technologies. This kill bit is being set at the request of the owner of the ActiveX controls.

Research in Motion (RIM) AxLoader: This security update sets a kill bit for an ActiveX control developed by Research In Motion (RIM). RIM has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Research In Motion. This kill bit is being set at the request of the owner of the ActiveX controls.

 

For more information about installing this update please see:

Microsoft Knowledge Base Article 960715: http://support.microsoft.com/kb/960715 

 Security Advisory 960715: http://www.microsoft.com/technet/security/advisory/960715.mspx

Please have a look at these updates and see where they apply in your environments.

Jeffa