Critical ratings for Windows XP or Windows Server 2003 are usually important or moderate ratings for Windows Vista or Windows Server 2008 thanks to the increased security in those operating systems. Downloads are already available from various official sources including Automatic Updates, Windows Update or Microsoft Update.

• MS09-028 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-029 – Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-030 – Cumulative Security Update of ActiveX Kill Bits (973346) – This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-031 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) – This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS09-032 -Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) – This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
• MS09-033 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It is recommended to install the Microsoft Security Patches as soon as possible to close the security vulnerabilities.

Related posts

• Microsoft Patch Tuesday November 08 (0)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft Patch Tuesday December 08 (3)

This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update is available on Windows Update and Microsoft Update. Additional information and links can be found at the Security Bulletin that has been created for the security vulnerability. Users of affected software programs are encouraged to perform the security update as soon as possible.

Related posts

• Microsoft Security Updates April 2009 (2)
• Microsoft Patch Day March 2009 (4)
• Microsoft August 2008 Security Updates (0)
• Game Over For Windows Vista’s Security? (12)
• February 2008 Security Releases ISO Image (2)

• Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
• Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
• Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
• Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
• Cumulative Security Update for Internet Explorer (963027)
• Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
• Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

The easiest way to update is by visiting Windows Update or Microsoft Update. Please read our Windows Update Fix article if Windows Update is not working properly on your computer system. Alternatives are so called offline updates like Offline Update, Autopatcher or Update Windows Without Microsoft.

It is recommended to update the computer system as soon as possible to close the vulnerabilities.

Related posts

• Microsoft Security Updates November 2009 (2)
• Windows Security Updates September 2008 (0)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Microsoft August 2008 Security Updates (0)
• January 2009 Microsoft Security Bulletin (1)

One security vulnerability has a critical rating for all affected operating systems while the other two are rated important by Microsoft’s security research team.

Details about the Security Bulletins can be found by following these links: Microsoft Security Bulletin MS09-006, MS09-007 or MS09-008. Another possibility is to access the Security Bulletin Summary at Microsoft Technet.

The vulnerabilities fix one remote code execution vulnerability and two spoofing vulnerabilities on the affected Windows operating systems:

• Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
• Vulnerability in SChannel Could Allow Spoofing
• Vulnerabilities in DNS and WINS Server Could Allow Spoofing

Related posts

• New Security Vulnerability Affects Windows Operating Systems (2)
• Microsoft Security Updates August 2009 (2)
• Microsoft Security Updates April 2009 (2)
• Microsoft Security Patches July 2009 (5)
• Microsoft Security Patches for June 2009 (12)

The security bulletin resolves three vulnerabilities in Microsoft Server Message Block (SMB) Protocol which could allow remote code execution on affected systems. An attacker could run programs, create new user accounts and view, change or delete data on the computer system. It is interesting to note that Windows 7 is affected as well even though it is not mentioned in the security bulletin.

The security vulnerability would be rated as moderate for the upcoming operating system which is why Microsoft will not provide a patch at the current time (They chose to only patch critical security vulnerabilities immediately). A patch will be released with the next public release of Windows 7.

Patches can be applied as usual through the various official update channels.

Related posts

• Offline Update 6 Adds Linux Support (3)
• Microsoft Security Updates April 2009 (2)
• Windows Update Fix (3)
• Microsoft Patch Day March 2009 (4)
• Windows XP Service Pack 3 Uxtheme.dll patch (41)

Two of the vulnerabilities allow remote code execution if the user opens a specially prepared file while the the other two make it possible with specially crafted mailto links and websites. It should be noted that not only Office 2000, Office 2003 and Office 2007
are affected but also Office for Mac, to be price Office 2004 and 2008 for Mac.

You can use the Microsoft Baseline Analyzer [link] to find out if your system is affected. My suggestion is to simply download the four patches and see if they install. You would get an error message if your system would not be affected.

Related posts

• Microsoft releases 11 security bulletins (0)
• Get your Microsoft Security Patches now (0)
• Zune does not allow to share all songs (3)
• Zoom It (4)
• Yuck new Windows Vista Ultimate Extras (20)

All critical vulnerabilities have the impact of remote code execution while the impact of the important vulnerabilities can be elevation of privilege, Denial of Service and remote code execution. Downloads are available at Windows Update and as single downloads if you follow the links in the security bulletins.

Information regarding all 11 security bulletins including download links can be found at the security bulletin overview website at Microsoft. Every user should update his system as soon as possible.

Related posts

• Watch three webcasts get vista and office for free (1)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Microsoft Download Portals Overview (7)
• Index.dat Suite (5)
• Export Internet Explorer’s Trusted and Restricted Sites (5)