Jeff Alexander's Weblog

Technical Evangelist - Windows Infrastructure

Microsoft Security Bulletin: August 2009 Update

Microsoft Security Bulletin: August 2009 Update

  • Comments 1
  • Likes

clip_image002

Please see details below of the August 2009 security bulletin.  The bulletins are being released on August 11th 2009 PST.  Please click each bulletin ID for more details on the update

Bulletin ID Bulletin Title Max Severity Rating Vulnerability Impact Restart Requirement Affected Software
MS09-036 Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service. Important Denial of Service Does not require restart Microsoft .NET Framework on Windows Vista and Windows Server 2008.
MS09-037 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution. Critical Remote Code Execution Requires Restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-038 Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution. Critical Remote Code Execution Requires Restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution. Critical Remote Code Execution Requires Restart Microsoft Windows 2000 Server and Windows Server 2003
MS09-040 Vulnerability in Message Queuing Could Allow Elevation of Privilege. Important Elevation of Privilege Requires Restart Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
MS09-041 Vulnerability in Workstation Service Could Allow Elevation of Privilege. Important Elevation of Privilege Requires Restart Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-042 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution. Important Remote Code Execution Requires Restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
MS09-043 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution. Critical Remote Code Execution May require restart Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, and Microsoft BizTalk Server.
MS09-044 Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution. Critical Remote Code Execution Requires Restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Remote Desktop Connection Client for Mac.

You can get summaries of these bulletins here.

Microsoft Windows Malicious Software Removal Tool

We are also releasing an updated version of the Windows Malicious Software Removal Tool.  You can get more details at the MSRT Website.

New Security Advisory

In addition to the new security bulletins outlined above we are also releasing on new security advisory.  Below is an overview.

Identifier Security Advisory 973811 - Extended Protection for Authentication
Summary

Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to “opt-in” to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials.

Mitigating Factors
  • Internet Explorer will never send credentials automatically to servers hosted in the Internet zone. This reduces the risk that credentials can be forwarded by an attacker within this zone.
  • Applications that use session signing and encryption (such as remote procedure call (RPC) with privacy and integrity, or server message block (SMB) with signing enabled), are not affected by credential forwarding.
Recommendations Review Microsoft Security Advisory 973811 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.
Additional Information

Q: Is this a security vulnerability that requires Microsoft to issue a security update?
A: No, this is not a security vulnerability that requires Microsoft to issue a security update. This feature requires optional configuration that some customers may choose to deploy. Enabling this feature is not appropriate for all customers. For more information about this feature and how to appropriately configure it, see Microsoft Knowledge Base Article 973811. This feature is already included in Windows 7 and Windows Server 2008 R2.

More Resources

Microsoft Security Advisory 973811 - Extended Protection for Authentication: http://www.microsoft.com/technet/security/advisory/973811.mspx

Microsoft KB Article 973811: http://support.microsoft.com/kb/973811

Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/

Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/

Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/

Jeffa

Comments
  • One of the SIDE effects of the latter MS09-038 if loading them onto a computer with Windows Media Player Series 9.0  Is that it WILL FORCE you to UPGRADE to Windows Media Player version 11.0  AFTER the RESTART.

    We are Skeptical about loading Microsoft Updates without testing. We refuse to be BETA Testers unwillingly for their software; on most occasions thats what you are.

    Windows XP Pro Serv Pack 2 + HOLDING, I.E. 6.0 and HOLDING Adobe FLASH Version 9.0...Why update to increase MORE FLASH ADVERTISING?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment