Microsoft Patch Day March 2009

Martin — Tue, 10 Mar 2009 17:26:36 +0000

Just a few minutes ago the patches for this month’s patch day have been uploaded to Windows Update and Microsoft Update. Users are encouraged to update their Microsoft operating system as soon as possible to close the recently discovered security vulnerabilities. Among the affected operating systems are practically all Microsoft operating systems since and including Windows 2000. This means the popular operating systems Windows XP and Vista are affected as well as Windows Server 2003 and 2008.

One security vulnerability has a critical rating for all affected operating systems while the other two are rated important by Microsoft’s security research team.

Details about the Security Bulletins can be found by following these links: Microsoft Security Bulletin MS09-006, MS09-007 or MS09-008. Another possibility is to access the Security Bulletin Summary at Microsoft Technet.

The vulnerabilities fix one remote code execution vulnerability and two spoofing vulnerabilities on the affected Windows operating systems:

Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
Vulnerability in SChannel Could Allow Spoofing
Vulnerabilities in DNS and WINS Server Could Allow Spoofing

Tags: microsoft patch day, microsoft security, microsoft security bulletin, patch day, remote code execution, Security, security bulletin, spoofing, windows security, windows vulnerabilities

Microsoft February Security Updates

Martin — Wed, 11 Feb 2009 07:18:51 +0000

Microsoft has released a cumulative security update for Internet Explorer 7 and 8 that fixes several critical vulnerabilities in the web browser. It is recommended to update Internet Explorer as soon as possible to fix those vulnerabilities. The vulnerabilities are rated critical for Internet Explorer versions running under Windows XP or Windows Vista and moderate for Windows Server 2003 and Windows Server 2008. The article is mentioning downloads for Internet Explorer 8 beta but the linked article is not containing any. This seems to suggest that Internet Explorer 8 is affected by the vulnerability as well. This probably only affects pre release candidate builds of Internet Explorer 8.

The security update fixes the following two vulnerabilities: Uninitialized Memory Corruption Vulnerability and CSS Memory Corruption Vulnerability. Since it is a cumulative update it does apply all previous security updates for Internet Explorer on the computer system.

The easiest way to update affected systems is to use Microsoft Update which will download and apply the security updates automatically. The other possibility is to download the patch from Microsoft Download and apply it manually.

Microsoft has released three additional security bulletins:

Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

Tags: ie security updates, internet explorer 7, internet explorer 8, internet explorer security, internet-explorer, microsoft, microsoft exchange, microsoft office visio, microsoft patch day, microsoft security, microsoft sql server

gHacks technology news » microsoft patch day

Microsoft Patch Day March 2009

Related posts

Microsoft February Security Updates

Related posts