In this case, the critical rating applies to all operating systems that Microsoft supplies with security patches. This includes the client operating systems Windows XP, Vista and Windows 7 as well as the server operating systems Windows Server 2008 and 2008 R2.

Here are two graphs visualizing the severity and exploitability index and the bulletin deployment priority.

Here is the list of security bulletins released in November 2011 by Microsoft.

• MS11-083 – Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
• MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
• MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
• MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Microsoft has published a video in which Jerry Bryant discusses this month’s bulletins (Silverlight required).

Additional information about this month's security bulletins are available on the Technet Blog page and the Microsoft Security bulletin Summary for November 2011.

The updates are already available on Windows Update. Users who have started their computer earlier today may need to run a manual update check in Windows Update.

The updates will also be available shortly at Microsoft's Download center.

If you look at the maximum severity rating you notice that the Windows vulnerabilities have received a severity rating of critical, the highest possible rating. The Office bulletin on the other hand received a rating of important, the second highest rating.

Microsoft Security Bulletin MS11-035 offers detailed information about the Windows vulnerability. It affects only Windows Server products, from Windows Server 2003 to Windows Server 2008 R2. Not affected are all client operating systems of Microsoft.

If you look at Microsoft Security Bulletin MS11-036 you notice that Office XP, 2003 and 2007 are affected on Windows. Furthermore affected are Microsoft Office 2004 and 2008 for Mac, the Open XML File Format Converter for Mac and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.

Why is not Office 2010 affected by the vulnerability? Because Office File Validation mitigates the risk of the vulnerability.

• MS11-035 – Vulnerability in WINS Could Allow Remote Code Execution (2524426) – This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
• MS11-036 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814) – This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270.

Additional information on both vulnerabilities are available at the MSRC Technet Blog.

The patches are available via Windows Update or the Microsoft Download Center. The May Security Release ISO image is available there as well.

One of the vulnerabilities has a maximum severity rating of critical, the highest possible. The two remaining vulnerabilities are rated as important.

A critical vulnerability has been discovered in Windows Media that could be exploited for remote code execution. The vulnerability has been rated as critical for all Microsoft client operating systems, from Windows XP to Windows 7. Windows Server 2008 R2 is the only server product affected, the vulnerability received a rating of important here.

Below are links to each security bulletin. The Bulletins offer information about the affected products, severity rating and non-affected software.

Users can update their Windows operating system and Microsoft Office via Windows Update, the Microsoft Download Center or by downloading the March 2011 Security Release ISO image.

In other news, Microsoft is still working on a fix for the MHTML-related vulnerability that was discovered in January. Additional information are available at the Microsoft Security Response Center.

The easiest way to launch the Windows Update applet is to click on the start orb of the operating system to launch the Control Panel that is linked from there.

The Windows Update control panel applet is located under System And Security.

The first screen displays the updates that are currently available as well as information about the most recent update checks, the last time and day updates were installed and what kind of updates are received. It is here possible to install the updates or get additional information about each update.

The left sidebar offers several options. This includes a manual check for updates, information about updates that have been previously installed in the operating system and update options. A click on change settings displays the available options to the user.

Important Updates details how updates are processed on the system. The recommended setting is to download and install updates automatically on the system. This gives the user no control over the update process. The three additional options are the following:

• Download updates but let me choose whether to install them
• Check for updates but let me choose whether to download and install them
• Never check for updates

The first two give the user time to check the updates before they are installed on the system.

But the options offer more than just a setting that determines if and how updates are installed.

Give me recommended updates the same way I receive important updates adds recommended updates to the updating process. Users who have configured updates to be installed automatically on the system would not only install important updates (usually security and stability updates) but also recommended updates which range from compatibility updates to revised help files and feature additions.

Recommended updates are otherwise (with the option disabled) displayed as available updates but installed automatically.

Who can install updates defines if all users of the computer can install updates. Standard users can not install updates if the option is disabled.

Microsoft Update determines if Windows Update will check for updates for other (installed) Microsoft products and new Microsoft software as well.

Software notifications finally determines if detailed information are displayed when new Microsoft software is available.

What are the best Windows Update settings then? I personally prefer to receive update notifications and select updates individually for download and installation. This gives me time to block updates that I do not need before they are installed on the computer. Most Windows users on the other hand may be better of with the automatic installation of updates, especially if they do not have the time or experience to determine if the update is important.

I keep all remaining options enabled. The who can install options stays enabled because I’m working on a single user system. If I had to share the PC I would disable it to avoid problems when other users are installing updates that may conflict with software or hardware running on the system.

How do you handle Windows updates? Do you install them automatically or test / check them before you install them?

Windows Update Details

Windows Update always downloads these vital updates automatically. But, you can set up the service to install all or some of the updates as they are received, or to let you review the pending updates before you decide on which to install. Windows Update will provide a Windows PC with:

• The most recent security updates for your OS
• OS updates to improve performance and reliability
• Device drivers from both Microsoft and other companies

Upgrades are different from updates, in that upgrades are new versions of application software, or of the OS itself. Minor version upgrades may be available from Microsoft through Windows Update, but major version upgrades would likely involve a new software purchase, perhaps at a lower upgrade price.

The Microsoft Download Center is a website that contains all the elements of the Microsoft software updating, upgrading, and downloading programs that are both necessary and useful for the continuing operation of your Windows operating system.

The web site contains sub-sites for:

• Microsoft Windows Update
• Microsoft Download Notifications
• Microsoft Store (for both Windows software and MS Office software)
• Microsoft OS Service Packs
• Microsoft Technologies (focusing on Internet Explorer, DirectX, and Windows 7)

Timeline for Windows Updates

Patch Tuesday, the second Tuesday of every month, is the day that security updates are globally distributed via Windows Update and the Internet. Emergency security updates, however, may be distributed any time it is deemed necessary because of a newly discovered exploit that targets MS Windows.

The Internet is the preferred avenue of distribution for Windows Update to PCs, but Microsoft also provides other means for updates to be received by computers with no Internet connection. However, the PC interface controlling receipt of distributions is different for the various versions of Windows:

• Customer access at the MS Windows Update website (Windows 98, Windows XP, Windows ME, Windows 2000)
• Control Panel applet (Windows 7, Windows Vista)

With any OS before Windows Vista, an update that required a PC reboot would display a dialog box every few minutes which would request that the machine be rebooted. In Windows Vista and Windows 7, the same dialog box allows entry of a time period, up to four hours, before another dialog box appears — however, some updates that require a reboot may create a displayed countdown, at the end of which the computer will reboot no matter what the current user on the PC is doing, causing possible problems if data is not saved or the user is in the middle of a game.

Tip: It is possible to prevent the forced shutdown manually with the command shutdown –a in the Windows command line.

If there is an unexpected PC shutdown in the middle of an update download, Windows Update makes use of a feature of Windows system files called Transactional NTFS to enable the system to recover cleanly and to ensure that partially loaded updates are fully loaded before being applied.

Windows Update Levels

There are three levels Of Window Updates: Optional, Recommended, and Important.

Optional Updates, are, of course, optional, that a user can review, and choose to install or not to install. Included are:

• Offers for new or trial MS Windows software
• Updated device drivers from non-Microsoft companies (a driver may be promoted to Recommended level if your system is missing that driver and needs it, or the new driver has major feature revisions)

Recommended Updates are those enhance the computing OS experience, improving performance. Included are:

• Compatibility updates
• Revised contents of Help files
• New features for the Windows OS
• New features for other Microsoft software

Important updates are oriented more toward security and reliability. Included are:

• Security and privacy updates
• Significant reliability updates
• Updates for detection of non-genuine Microsoft software
• Verification of copyright-protected media

Options can be set to download and install automatically both the Important updates (set as a default) and the Recommended updates — with Windows XP, however, only the updates that are classified High-Priority will be downloaded and installed automatically.

Disabling Windows Update

If you want to disable Windows Update, you can disable the service for the PC, or by user-name. For an entire PC, the Group Policy Editor is used to disable Windows Update in the general User Configuration.

For individual users, REGEDIT is used to disable Windows Update in a User Registry key:

• In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create a new DWORD key.
• Make the Name of the key NoWindowsUpdate, and set the Value to 1.
• Whenever this user attempts to start Windows Update, an error message will display.

Troubleshooting Windows Update Errors

Windows Update is an essential maintenance element for the optimum performance of your computer. However, errors can occur during the normal operation of this important service. Here’s where we describe what measures you can take if Windows Update stops working on your computer system.

Measure #1: Check Internet Connection

Windows Update depends a great deal on Internet connectivity. First step is to see if you have full Internet connectivity by connecting to several web sites — if able to do so, the next step is to check the reliability of the connection, by checking email, signing on to forums, and looking at videos. If connection seems reliable, wait fifteen minutes and try running Windows Update again.

Measure #2: Start Supporting Services

Windows Update depends on several other services that also must be running on your PC. Check for these other services by clicking on Start, typing SERVICES.MSC, and pressing ENTER. Check in the display of services at the right for the names:

• Background Intelligent Transfer Service
• Cryptographic Services
• Automatic Updates
• Event Log

For each one whose Status is not Running, double-click to make the General tab appear — Startup Type should be Automatic. Click the Start button to change the service to a Running status.

Measure #3: Check Firewalls

The next measure to make sure the Windows Firewall is running, and not a firewall from a company other than Microsoft. To ensure continuous firewall protection, turn on the MS Firewall before turning off any other firewall.

• First, enable the Windows firewall by clicking Start…Run, typing FIREWALL.CPL in the Open box, and pressing ENTER.
• Second, disable any other firewall that may be running on your PC.

Now, try running Windows Update again.

Measure #4: Check Anti-Virus

Start the Security Center applet in the Control Panel, and turn off or disable the anti-virus application listed under either ‘Virus Protection’ or ‘Malware Protection’ section. Try running Windows Update again, and then immediately go back to the Security Center and enable the anti-virus application that had been disabled. Be careful with this measure — temporarily turning off your anti-virus application may allow Windows Update to start up, but, at the same time, doing so will leave your PC vulnerable.

Measure #5: Check Accelerators

Check to see if your PC has any Internet accelerators installed to increase the performance of Internet access. Such software can interfere with the operation of Windows Update. Consult the documentation for those accelerators to either disable or uninstall the software. Check the operation of Windows Update again.

Measure #6: Reset the Windows Update Folder

A corrupt file within the Windows Update distribution folder may be causing a problem with Windows Update. The solution is to reset the folder.

• Open a command prompt with the CMD, making sure the command is being Run as Administrator.
• In the CMD prompt, type WuAuServ and press enter (this action stops the Windows Update service).
• Wait for a response that the Windows Update service was successfully stopped.
• Type %windir% in the OPEN box of the Start Menu, and press Enter.
• Right-click the SoftwareDistribution folder, and select Rename.
• Rename the folder to SoftwareDistributionOLD (saving the original contents so that you can revert to them if needed by renaming to the original name).
• Back in the CMD window, type “net start WuAuServ” (without quotes). and press ENTER.
• Use the same steps you used in Measure #2 to check to see if the Windows Update service is running.

Try to run Windows Update — if unsuccessful, rename the SoftwareDistributionOLD folder back to its original name of SoftwareDistribution.

Measure #7: Check System Files

System files may have become corrupted, and you may need to scan the Windows system files to see if they are still correct and accurate.

• In a CMD box (started up in the same way as described in Measure #6), type “sfc /scannow” (without quotes), and press ENTER.
• When the scan is done, close the CMD box, and reboot your PC.

Try running Windows Update when your PC comes back up.

Measure #8: Verify BITS Files

BITS stands for Background Intelligence Transfer Service, and these files are essential to the functioning of Windows Update. It is possible the BITS files on your PC may be corrupted. You can download a BITS repair tool at the MS website:

32-bit Windows

64-bit Windows

Once you’ve downloaded and installed the BITS Repair Tool on your PC, reboot and let the tool run.

Measure #9: Check Support Sites

Check these two Microsoft support websites for descriptions of problems that may be similar to yours, with possible solutions.

FAQ
Problems

If this last measure does not help you to restore Windows Update to its proper functioning, then contact MS Customer Support.

Helpful Windows Update Videos

Other Update Tools

Windows Update takes care of the specific updates to the Windows operating systems, and those to other Microsoft software applications as well — but what about all those other software applications that you have installed on your PC that have just a great a need for up-to-date updates? Here are several update tools that will help you take care of the need for updates by your other software applications.

CTUpdate (WSUS Offline)

Supports all Microsoft operating systems and languages. Users just need to select their operating system and language from the list to download all updates for it. It is optionally possible to create an ISO image or copy the data to an USB device instead of a hard drive. The patches can then be applied once everything has been downloaded.

Windows Update Downloader

Only for pre-Windows 7 operating systems. WUD allows you to download all of the current Windows Updates using a simple interface. All of the updates are contained in Update Lists (ULs) which allows you to choose which updates you want for which version of Windows.

UpdateStar

Update Star is a freeware application that helps you keep track of all the software installations on your PC, checking that the latest patches, fixes, and updates are downloaded for whatever is installed on your PC. This software does not download anything, though.

Software-Uptodate

This monitoring tool checks with an online database to see what’s current for updates for many software packages, and displays a notification when there is an available update (although it does not do the download itself).

Personal Software Inspector

This monitoring software, from Secunia Company, uses a database containing information on over four thousand software applications to inspect your system for weak spots, such as missing critical patches for software installed on your PC. The software, however, does not download anything.

Additional Resources

See also

Fixing Windows Update Error 0x80072ee2
Windows Update Fix
Windows Update Error services not running

This month’s patch day is huge. While it is not the largest in history, it addresses the impressive amount of 49 vulnerabilities affecting Windows, Internet Explorer, Microsoft Office and the .net framework.

Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office. This month we also have a few bulletins originating from product groups that we don’t see on a regular basis. For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework. It’s worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating. Further, three of the bulletins account for 34 of the total vulnerabilities. (via)

Deployment Priority

Severity and Exploitability

Four of the vulnerabilities have a maximum severity rating of critical, 10 of important and the remaining 2 of moderate.

• MS10-071 – Cumulative Security Update for Internet Explorer (2360131) – This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-075 – Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679) – This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player network sharing service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.
• MS10-076 – Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) – This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-077 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) – This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.
• MS10-072 – Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML.
• MS10-073 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) – This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

  An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-078 – Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) – This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-079 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) – This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-080 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211) – This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-081 – Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011) – This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-082 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-083 – Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-084 – Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs specially crafted code that sends an LPC message to the local LRPC Server. The message could then allow an authenticated user to access resources that are running in the context of the NetworkService account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

• MS10-085 – Vulnerability in SChannel Could Allow Denial of Service (2207566) – This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.
• MS10-074 – Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149) – This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-086 – Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) – This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.

The patches are as usual available via Windows Update and Microsoft Download. Microsoft has furthermore released the October 2010 Security Release ISO Image containing all references security patches and Knowledgebase articles.

A total of nine bulletins has been released by Microsoft of which four have received a maximum vulnerability impact rating of critical, the highest possible rating. As usual, not all operating systems and applications are affected with the same severity. Microsoft’s latest desktop operating system Windows 7 for instance is either not affected by the critical vulnerabilities, or with a lower severity of important.

windows updates

Below are the vulnerability summaries for all nine bulletins that have been released by Microsoft in September 2010:

• MS10-061 – Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) – This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system.
• MS10-062 – Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) – This security update resolves a privately reported vulnerability in MPEG-4 codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-063 – Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) – This security update resolves a privately reported vulnerability in the Unicode Scripts Processor. The vulnerability could allow remote code execution if a user viewed a specially crafted document or Web page with an application that supports embedded OpenType fonts. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-064 – Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) – This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened or previewed a specially crafted e-mail message using an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-065 – Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) – This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Information Services (IIS). The most severe of these vulnerabilities could allow remote code execution if a client sends a specially crafted HTTP request to the server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• MS10-066 – Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802) – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if an attacker sent a specially crafted RPC response to a client-initiated RPC request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker must convince the user to initiate an RPC connection to a malicious server under the attacker’s control. An attacker could not remotely exploit this vulnerability without user interaction.

• MS10-067 – Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922) – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opened a specially crafted file using WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS10-068 – Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if an authenticated attacker sent specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. In order to successfully exploit this vulnerability, an attacker must have a member account within the target Windows domain. However, the attacker does not need to have a workstation joined to the Windows domain.
• MS10-069 – Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546) – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logged on to an affected system that is configured with a Chinese, Japanese, or Korean system locale. An attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft’s Jerry Bryant has posted graphs for the deployment priority and severity exportability index in a blog post.

severity exportability index

deployment priority

Happy patching everyone.

Affected software includes several Microsoft operating systems and Microsoft Office, take a look at the listing below for additional details on every security bulletin released today.

• Microsoft Security Bulletin MS10-042 – Critical
  Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593) – This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
• Microsoft Security Bulletin MS10-043 – Critical
  Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) – This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
• Microsoft Security Bulletin MS10-044 – Critical
  Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution – This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS10-045 – Important
  Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) – This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights

microsoft security updates

microsoft patch day deployment priority

Affected software:

• MS10-042 – Windows XP, Windows XP Pro 64-bit, Windows Server 2003, Windows Server 2003 64-bit
• MS10-043 – Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems
• MS10-044 – Microsoft Office 2003 , Microsoft Office 2007
• MS10-045 – Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2007

All vulnerabilities allow remote code execution on compromised systems. Additional information about this months’ patches are available at the Technet blog post.

A total of eleven security bulletins have been released that update the Windows operating system as well as other Microsoft software like Microsoft Office.

The updates fix security vulnerabilities in Microsoft applications and it is generally recommended to update the operating systems and applications as soon as possible to close the security holes and protect the systems from malicious attacks exploiting these vulnerabilities.

Five of the vulnerabilities have received a critical rating, the highest and most severe rating that vulnerabilities can get.

• MS10-019 – Vulnerabilities in Windows Could Allow Remote Code Execution (981210) – This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS10-020 – Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) – This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
• MS10-025 – Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) – This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
• MS10-026 – Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) –
  This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-027 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-021 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) – This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS10-022 – Vulnerability in VBScript Could Allow Remote Code Execution (981169) – This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable, however, as the code is present, this update is provided as a defense-in-depth measure and has no severity rating.

  The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

• MS10-023 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-024 – Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.
• MS10-028 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) – This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-029 – Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338) – This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update.

  This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address. The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.

The security updates can be downloaded by following the links listed above or by launching Windows Update or Microsoft Update to download and install them automatically on the computer system.

Non-security related patches are released more commonly and users with automatic updates enabled will usually get little to no notice about these updates. Users without automatic updates on the other hand might not even know that new updates have been released as the Oracle over at Lockergnome points out.

Microsoft has apparently released an update for Windows 7 and Windows Server 2008 R2 on Monday night that they call a reliability update. The patch fixes the following issues that are related to Microsoft Customer Support Services and the Error Reporting Service:

• Keyboard function keys or keyboard shortcuts, such as mute or calculator, may not work correctly
• The notification icon for an application may be moved or lost when the executable application is update
• On a computer that is running Windows 7, you configure the Screen Saver Settings to display the logon screen on resume. Additionally, you configure the computer to go to sleep. However, the computer may not go to sleep after the screen saver starts. Instead, a black screen is displayed. This problem causes the operating system to stop responding. You must restart the computer by holding down the power button.

Links To Update on Microsoft website.

Windows 7 32-bit
Windows 7 64-bit
Windows Server 2008 R2

Microsoft has also released the following updates:

You may encounter problems when you move data over USB from a Windows 7-based or Windows Server 2008 R2-based computer that has an NVIDIA USB EHCI chipset and at least 4GB of RAM.

Links To Update on Microsoft website.

Windows 7 64-bit and Windows Server 2008 R2

Windows 32-bit

System Update Readiness Tool for Windows 7 – This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software.

Links To Update on Microsoft website.

Windows 7 32-bit
Windows 7 64-bit
Windows Server 2008 R2

Update for Windows 7 (KB974674) – Utility for restoring backups made on Windows XP and Windows Server 2003 to computers that are running Windows 7 and Microsoft Windows Server 2008 R2.

Links To Update on Microsoft website.

Windows 7 32-bit
Windows 7 64-bit
Windows Server 2008 R2

Three of the vulnerabilities have a maximum severity rating of critical while the other three are rated as important. The vulnerability impact is either a remote code execution or denial of service attack. It is recommended to patch computer systems and programs that are affected by these vulnerabilities as soon as possible to prevent attacks that are making use of these vulnerabilities.

• MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication.
• MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) – This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-072 – Cumulative Security Update for Internet Explorer (976325) – This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; this vulnerability has been described in Microsoft Security Advisory 973882 and Microsoft Security Bulletin MS09-035.
• MS09-069 – Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
• MS09-070 – Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
• MS09-073 – Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) – This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

Patches can be downloaded from the usual sources including Automatic Update, Windows Update, Microsoft Update or by following the links of individual vulnerabilities above.

Microsoft has released the following security patches (with a link pointing to the security bulletin containing additional information, deployment guidelines and download opportunities):

• MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (Critical) – This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
• MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (Critical) – This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) (Critical) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-054 Cumulative Security Update for Internet Explorer (974455) (Critical) – This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-055 Cumulative Security Update of ActiveX Kill Bits (973525) (Critical) – This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) (Critical) – This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) (Critical) – This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
• MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (Critical)- This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-053 Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) (Important) – This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
• MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) (Important) – This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
• MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) (Important) – This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS09-059 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) (Important) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

Adobe will also release security patches later today for critical vulnerabilities in Acrobat Reader.

The program works the following way: Users start by adding a list of IP addresses or computer names to the program. It is then possible to highlight some or all of them to perform actions on the selected hosts. Actions can be selected by either selecting them from the Actions menu or by right-clicking.

Available actions are:

• Ping. The ping reply initially displays in black, then red if it times out, and then after 4 consecutive time-outs, any subsequent replies will turn blue to signify that the machine has been rebooted
• Install Windows Updates on the remote machine(s) (requires Microsoft’s SysInternals PsExec in your system path)
• View the WSUS installation log for the remote machine(s) – this log is stored in C:\RRx on all remote computers. (Tip: You can doubleclick a row to view the log file)
• Reboot the remote machine(s) (will also automatically start ping monitoring if you haven’t already started it)
• Retrieve the last boot-up time of the remote machine(s) – comes in very handy when you’re rebooting machines
• Load a | delimited text file to automatically populate the “Notes” column – this makes it simple to keep an ongoing list of any instructions you might have that are specific to certain machines, such as programs to start after a machine is rebooted and logged on.

Along with RemoteRebootX.exe there are 3 additional .NET executables included in the zip file below. To use them you must have the WSUS Admin Console 3.0 installed on your computer. They will allow you to connect to your WSUS server and …

• Retrieve a list of computers that have already downloaded updates but haven’t installed them
• Retrieve a list of computers that have already installed updates and are waiting to be rebooted
• Retrieve a list of computers that have not checked in with the WSUS server in more than 3 days

Additional information and usage tips are available at the developer’s website. Remote Reboot X has been developed in Microsoft’s Visual C# 2008 and requires therefor the Microsoft .net Framework. Doug does not mention the .net Framework version on his website though.

The dialog offers no way of delaying the reminder or letting the operating system know that a manual start will eventually be performed.

There is however a solution to the problem instead of having to click on the Reboot Later button dozens of times. The dialog is fueled by the Automatic Updates service. All that needs to be done to get rid of the Restart Now Restart Later dialog window is to stop the Automatic Update service. This will also stop the restart message boxes from appearing. The Automatic Update service will automatically be started by Windows on the next system start.

Do the following to stop Automatic Updates:

• Press [Windows R], enter [services.msc] and hit enter.
• Locate the Automatic Update service and right-click it.
• Select Stop from the context menu to stop the service.

This procedure will stop the restart now restart later window from appearing on the computer system.

Affected operating systems include Windows Vista, Windows XP, Windows Server 2003 and 2008, Windows 2000 but not Windows 7. Downloads are available from the usual locations including automatic updates, Windows Update, Microsoft Update or by following the links in the security bulletins below.

• MS09-043 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

  This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-044 Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

  This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

  This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

• MS09-038 – Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)

  This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-037 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)

  This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-041 Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

  This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

• MS09-040 Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

  This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

• MS09-036 Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)

  This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

• MS09-042 Vulnerability in Telnet Could Allow Remote Code Execution (960859)

  This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with

There are several situations where an ISO image with all Windows XP updates might come in handy. It is for instance possible to install Windows XP updates to a computer system prior to going online with the system. Another reason is easier distribution. Think of multiple computers in a computer network. Instead of downloading and installing the Windows XP updates multiple times (once for every computer system) they could be downloaded once in form of the PatchMate XP iso and applied to all computer systems.

The download and installation is also faster. Users who downloaded and installed updates from Windows Update in the past have most likely noticed how slow the downloads and updates would be commenced even on modern computer systems with broadband connections.

Patchmate XP (via Technix Update) can be downloaded as an ISO image from the developer’s website. It can then be burned to CD or DVD to be executed right from within the Windows XP operating system. The user interaction has been reduced to a minimum.

Patchmate XP will detect the Windows XP Service Pack and install the Windows XP updates based on the detection. Only post service Pack 3 updates would for example be installed on a computer system running Windows XP Service Pack 3.

The patches will be installed even if they are already present on the computer system. A restart is required at the end of the update.

An option to exclude updates from being applied would be helpful to cope with scenarios where updates cause problems on a computer system. Another useful feature would be the creation of a system restore point prior to installing the Windows XP updates.

Windows XP Updates can also be applied by programs like Offline Update, Autopatcher or Windows Updates Downloader.

This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update is available on Windows Update and Microsoft Update. Additional information and links can be found at the Security Bulletin that has been created for the security vulnerability. Users of affected software programs are encouraged to perform the security update as soon as possible.

Update Notifier is an alternative software updates checker which can be installed or run as a portable application. The program uses a clean interface that displays the installed version of scanned software programs, the latest known version in the database and a link to a website from where the application can be downloaded in case a newer version is available. The results were correct for all tested applications which is something that several of the previously tested software updater failed in.

A click on the download button will open the website of the software developer that contains information about the application. It takes another two clicks to start the download that is available directly from the same website. There is unfortunately no direct link to the website of the software developer itself to verify the findings or to download the software from there.

Update Notifier can be configured to filter the results list. Filters include the listing of only commercial or free software as well as listings based on the type of update available. The program can also be pointed at a folder on the local computer system containing portable applications to check those for updates as well.

Windows Update can cause problems on some computer systems. The first and probably most common problem that is encountered is the error message “The site cannot continue because one or more of these Windows services is not running” (read: Windows Update Error services not running for a detailed explanation). This message is caused by several Windows Services that need to be set to specific parameters for Windows Update to work.

One of these services that are required for Windows Update to function properly is Bits, the Background Intelligent Transfer Service. Bits can cause additional problems on some computer systems especially after uninstalling software programs like antivirus or security programs or after an infection and removal of computer viruses and other malicious software. Most users will experience the following: Bits is not running on the computer system and the attempt to start it will result in an error message. The error messages can vary and it is probably a good idea to perform a search for the error on the Internet.

Another solution is to use the Fix Windows Update program that has been specifically designed to fix problems with Bits and Windows Update. Here are the instructions on how to use the program:

• First click “Open Services Window”.
• After the window has been opened, find a Service called “BITS” and see if it is running.
• If it is, this program cannot help you, and you can exit the program.
• If it is not running, close the Services window and click on “Start BITS”.
• If it is successful, this program has helped you and you can close the program.
• If starting the BITS fails, continue with other 2 buttons.

Start by clicking on the Phase 1 button. A popup will appear if the program was able to fix and start Bits. If this did not work continue by pressing the Phase 2 button. This will take longer and should result in a popup containing the information that Bits started running again. There might be cases where the Fix Windows Update program is not successful in restoring the Windows Update functionality. The only possible solution in this case is research on the Internet to find the cause of the problem.

Users who are desperate to update their Windows operating system can use the following tools to do so even if Bits and Windows Update are not working: Windows Offline Update, Update Windows Without Microsoft or Autopatcher.

This week’s update of the week award goes to Locate32 which got updated to Locate 3.1.8.9210 Release Candidate 3 which is an excellent program to search Windows. It can search for files and contents and makes use of a database that needs to be updated regularly in the background to be effective.

• µTorrent 1.8.1. Build 12323 Beta – Lightweight, fast and easy to use Bittorrent client.
• AIMP 2.5 Build 297 RC4 – A great audio player resembling Winamp.
• CDBurnerXP Pro 4.2.1.976 – Free CD burning application that supports the usual most common operations.
• Cobian Backup 9.1.1.193 – A versatile computer backup software program.
• CodecInstaller 2.10.2 – Analyzes a multimedia file telling the user which codecs are needed to play it.
• doPDF 6.1.274 – Creates a virtual printer in Windows that can convert documents into PDF.
• DVD Flick 1.3.0.2 – DVD authoring software that can turn video files stored on the computer into video DVDs that play on DVD players.
• DVDFab HD Decrypter 5.0.9.5 Beta – Copies DVD movies to the computer hard drive removing copy protection in the process.
• FileZilla 3.1.3 – Open Source ftp client with good functionality.
• foobar2000 0.9.5.6 – An advanced audio player with great options and plugins.
• Foxit Reader 2.3 Build 3309 – Foxit Reader is an excellent PDF reader that can be used instead of Adobe Reader.
• Free Download Manager 2.6.805 Beta – Another popular Windows download manager.
• Google Chrome 0.2.152.1 Beta – New beta version of the Google web browser.
• Hitman Pro 3.0.0.2465 Beta – A tool that installs and uses multiple anti-spyware utilities to scan a computer system.
• IE7pro 2.4 – The one add-on for Internet Explorer that everyone should have installed.
• Locate 3.1.8.9210 RC3 – Probably the fastest way to search Windows.
• Microsoft Office Outlook Connector 12.1 Beta 2 – Users of Microsoft Outlook 2003 and Outlook 2007 can use this application to work with Microsoft Windows Live Hotmail or Microsoft Office Live Mail accounts.
• Microsoft Photosynth 2.0.1403.12 – Interesting technology by Microsoft that analyzes sets of photos to create a 3D model of the object.
• Microsoft Pro Photo Tools 2.2 – Microsoft photo organizer and editor that makes use of metadata properties.
• Mozilla Firefox 2.0.0.17 – Latest version of Firefox 2 for those who have not yet updated to Firefox 3.
• OpenOffice.org 3.0.0 RC2 – The second release candidate of the Open Source Office suite.
• openSUSE 11.1 Beta 1 – First beta version of the upcoming Open Suse 11.1.
• Opera 9.60 Build 10433 Beta – Another beta version of the upcoming Opera 9.6 browser.
• Orbit Downloader 2.7.6 – A download manager that integrates nicely into the most popular web browsers. Comes with support for various video and multimedia portals.
• PC Wizard 2008.1.86 – Tool to identify and display system information.
• PDFCreator 0.9.6 – Another virtual printer solution that converts documents into PDF files.
• PeerAware 1.01 – Share spreadsheets, presentations and documents in private environments.
• Picasa 3.0 Build 57.24 Beta – Google’s image organizer and viewer.
• Pictomio 1.2.20 Beta – Another image organizer with geotagging add-on.
• RivaTuner 2.11 – A NVIDIA video card tweaker.
• Stellarium 0.10.0 Beta – A program that renders realistic (night-) skies.
• SUMo 2.3.3.59 – Software Update Monitor scans the Windows system for installed software and updated version of those applications on the Internet.
• VirtualDub 1.8.6 Build 30009 – Video capturing and manipulation software.
• VSO Image Resizer 2.0.1.11b – Straightforward image resizer that unfortunately comes with a nag screen.
• WildBit Viewer 5.3 Alpha 3.0 – A fast image viewer for Windows.
• WinBubble 1.76 – A tweaker and optimizer for Windows Vista.
• WinPatrol 15.9.2008.0 – Blocks applications from adding themselves as startup items or registering file extensions.
• Xfire 1.98 – The gamer’s instant messenger. Chat with your friends and see what they are playing.
• XnView 1.95 Beta 2 – Fast image viewer.

Feel free to add any missing application update in the comments.