Microsoft Security Patches September 2009
Microsoft has released the security patches for September 2009 which fix browser and web based attacks in various Microsoft programs and operating systems. All security patches have a critical or important security rating and are users who work with these software programs or operating systems should update them as soon as possible to protect their system from these attacks.
Microsoft has released two charts that show the severity and exploitable index and the deployment priority. The former interesting for all users while the latter probably only for network administrators.
- Microsoft Security Bulletin MS09-045 - Critical - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) - This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Microsoft Security Bulletin MS09-046 - Critical - Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) - This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Microsoft Security Bulletin MS09-047 - Critical - Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) - This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Microsoft Security Bulletin MS09-048 - Critical - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) - This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
- Microsoft Security Bulletin MS09-049 - Critical - Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) - This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.
The patches can be download and applied by visiting the pages that are linked above or by using any of the update options that are provided by Microsoft operating systems including Windows Update, Automatic Updates or Microsoft Updates. Additional information can be found at the Microsoft Technet page.
We need your help
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Hoi Martin (It starts to be a very little bit of a tradition) like a write to you every month thanks one million, for this very clear – and handy article. A new this month are the graphs which I highly appreciate. Hopefully you make it possible to the next times graphs that I can enlarge (improve), them in a new tab?
If Microsoft posts graphs next month I will post them and make sure that you can enlarge them, good point. You can get the full image by removing the width and height information from the pictures, e.g.
https://www.ghacks.net/wp-content/uploads/2009/09/severity_and_exploitability_index.PNG
These new updates appear to have knocked out my Cisco Lynksys WTR120N wireless router after, or during, downloading. When our other two wireless PC’s are connected (one using XP and the other on Vista Home) the wireless connections do not work; however, these two PC’s work fine when connected by cable to this new router. Thoughts?
Thanks for the information. I believe it will solve those prob’s.. :)