Microsoft has released the following security patches (with a link pointing to the security bulletin containing additional information, deployment guidelines and download opportunities):

• MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (Critical) – This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
• MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (Critical) – This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) (Critical) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-054 Cumulative Security Update for Internet Explorer (974455) (Critical) – This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-055 Cumulative Security Update of ActiveX Kill Bits (973525) (Critical) – This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) (Critical) – This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) (Critical) – This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
• MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (Critical)- This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-053 Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) (Important) – This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
• MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) (Important) – This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
• MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) (Important) – This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS09-059 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) (Important) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

Adobe will also release security patches later today for critical vulnerabilities in Acrobat Reader.

Related posts

• Windows Security Updates September 2008 (0)
• Microsoft Security Updates for June 2008 (0)
• Microsoft August 2008 Security Updates (0)
• Download All Updates For Windows From Microsoft (2)
• Windows XP Service Pack 3 Release Candidate 2 Refresh (2)

Critical ratings for Windows XP or Windows Server 2003 are usually important or moderate ratings for Windows Vista or Windows Server 2008 thanks to the increased security in those operating systems. Downloads are already available from various official sources including Automatic Updates, Windows Update or Microsoft Update.

• MS09-028 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-029 – Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-030 – Cumulative Security Update of ActiveX Kill Bits (973346) – This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-031 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) – This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS09-032 -Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) – This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
• MS09-033 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It is recommended to install the Microsoft Security Patches as soon as possible to close the security vulnerabilities.

Related posts

• Microsoft Patch Tuesday November 08 (0)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft Patch Tuesday December 08 (3)

The easiest way to download and install the patches is by pointing the Internet Explorer web browser to Microsoft Update which will automatically detect and install the available patches for the computer system. Other possibilities include downloading the security patches from Microsoft Download Center from where they are available as well.

Six vulnerabilities have been rated as critical, three as important and one as moderate. Critical security vulnerabilities can usually be exploited for remote code execution meaning it is essential to fix these vulnerabilities quickly. You can follow the links below for additional information about each vulnerability.

• MS09-018 – Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
• MS09-019 – Cumulative Security Update for Internet Explorer (969897)
• MS09-020 – Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
• MS09-021 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
• MS09-022 – Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
• MS09-023 – Vulnerability in Windows Search Could Allow Information Disclosure (963093)
• MS09-024 – Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
• MS09-025 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
• MS09-026 – Vulnerability in RPC Could Allow Elevation of Privilege (970238)
• MS09-027 – Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

Related posts

• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Windows Vulnerability Scanner (4)
• Microsoft updates two critical security patches (5)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches April 2008 (0)

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
• MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
• MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
• MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
• MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
• MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
• MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
• MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

Related posts

• Microsoft Security Updates November 2009 (2)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft Patch Tuesday November 08 (0)
• Microsoft Security Updates April 2009 (2)

The vulnerability rated as critical could allow remote code execution in the in Microsoft XML Core Services while the vulnerability rated important could allow remote code execution in Microsoft Server Message Block (SMB) Protocol.

Both security vulnerabilities can be fixed by using Windows Update or by downloading the security updates directly from the Microsoft Download website by following the two links given above in this article.

Related posts

• Microsoft Security Patches April 2008 (0)
• Microsoft Security Patches July 2009 (5)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Patch Tuesday December 08 (3)
• Microsoft releases two security patches for Windows (1)

Microsoft released a batch of eleven security patches for various operating systems and products yesterday which are available by visiting Windows Update or Microsoft Technet which contains in depths information about the affected products and the security vulnerabilities.

The patches fix four critical, six important and 1 moderate security vulnerability:

• Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
• Cumulative Security Update for Internet Explorer (956390)
• Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

• Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
• Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
• Vulnerability in SMB Could Allow Remote Code Execution (957095)
• Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
• Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

• Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

It is highly recommended to update the products as soon as possible to protect the system from this attacks.

Related posts

• Microsoft Security Patches for June 2009 (12)
• Windows Vulnerability Scanner (4)
• Watch three webcasts get vista and office for free (1)
• Microsoft Security Updates April 2009 (2)
• Microsoft Security Patches April 2008 (0)

This can be achieved with a small batch file that will create a list of all installed Windows hotfixes and the date and time that they have been installed on the system. The information is taken directly from the KBxxxxxx.log files that are created for each individual hotfix that is installed in Windows.

Those log files are located in the Windows directory and it would take some time to check them manually to build the list. Here is a screenshot of the output which is saved in a text document in the root directory of the main hard drive.

The code which has to be added in one line is the following:

dir %windir%\*.log /o:d | findstr /i /r /c:q......\.log /c:kb......\.log /c:q......uninst\.log /c:kb......uninst\.log > %systemdrive%\hotfixes.log

Some of you might prefer a direct download, just download the knowledgebase file and unpack it to the computer system. It contains the same code that is shown above.

Related posts

• Windows Update Fix (3)
• Windows Cannot Find Msconfig (7)
• Stop Restart Now Restart Later Dialog After Windows Updates (8)
• Quick Launch Icon Size (9)
• Microsoft Security Updates October 2009 Online (3)

A third possibility came to light recently with the introduction of the Windows Update Catalog. Like the Windows Updates website the Windows Update Catalog only loads properly in Internet Explorer. It does offer however a nice and convenient way of download all updates for Windows in one go from the official Microsoft server.

The website features a search form that searches the entire Windows database of patches, updates and applications. Entering a generic name like Windows XP returns more than 1000 results which means that it makes sense to reduce the results by narrowing down the search.

Instead of searching for Windows XP a user could search for Windows XP Security Updates or Windows XP KB. Items can be added to the basket from where they can be downloaded at once. The updates will be stored in a selected folder from where they can be installed.

The Windows Update Catalog offers an enhancement by introducing the basket which makes it possible to add all files to it before downloading them in one go. This is a great way of downloading all updates for Windows in short time.

It is missing a few features like filtering search results by operating system or language which would greatly reduce the hits and time spent on the site.

Related posts

• Windows XP Service Pack 3 Release Candidate 2 Refresh (2)
• Updatestar check if Software Updates are available (3)
• Software Updates Week 13 2008 (0)
• List all installed Windows Updates (0)
• Word Document Property Tool (0)

All critical vulnerabilities which affect Microsoft Windows, Microsoft Office and Internet Explorer allow Remote Code Execution. The easiest way to patch these security vulnerabilities is by visiting the Windows Update website with Internet Explorer and let a script check the available updates for your system. Please note that you will be asked if you want to install Service Pack 3 Refresh 2 for Windows XP if you use that operating system. My advise would be to not install this version yet and wait for the release version.

All security updates will be displayed and are selected for immediate download and installation. You could follow the link above which leads to the Microsoft website that explains the vulnerabilities and leads to downloads of the patches. This means that you have to make sure to pick the correct downloads for your operating system and software.

Related posts

• Microsoft Security Updates May 2008 (0)
• Microsoft releases two security patches for Windows (1)
• Microsoft Patch Tuesday November 08 (0)
• XP SP3 and Vista SP 1 available through Windows Update (6)
• Windows XP WGA To Mimic That Of Windows Vista (18)

Two security patches have been released this month, they are the critical Microsoft Security Bulletin MS08-001 and the important Microsoft Security Bulletin MS08-002. The critical patch fixes vulnerabilities in Windows TCP/IP that could allow remote code execution while the important patch deals with a vulnerability in LSASS that could allow local elevation of privilege.

Both patches are available through Windows Updates but also as single downloads. Several operating systems need to be patched including Windows Vista (only the critical), Windows 2000 and Windows XP. Downloads are available if you follow the links above.

Related posts

• Microsoft Security Patches April 2008 (0)
• Microsoft releases security updates for XP and Vista (1)
• XP SP3 and Vista SP 1 available through Windows Update (6)
• WPF Performance Fix for Windows Vista and XP (1)
• Windows XP WGA To Mimic That Of Windows Vista (18)

Besides listing all updated files the tool offers links to the Microsoft website detailing information about the update that has been installed. This is great to verify what the update fixed. All the information can be exported as text, html or xml files.

You can run the software on all Windows operating systems starting with Windows 98 except Windows Vista. WinUpdatesList can also be used to gather the updates from a second installation of Windows XP / 2000 or from a remote computer.

To get these information you use the following two commands:

Another operating system on the same computer: (replace e:\winnt with the drive and dir)

wul.exe /another e:\winnt

Using the software to get the list from a remote computer: (replace 192.168.0.10 with the IP of the remote computer)

wul.exe /remote \\192.168.0.10

Read More:

Win Updates List

Related posts

• Microsoft Security Updates October 2009 Online (3)
• List all installed Windows Updates (0)
• Download All Updates For Windows From Microsoft (2)
• Create A List Of All Installed Windows Hotfixes (7)
• Windows XP Service Pack 3 Release Candidate 2 Refresh (2)