Microsoft Security Updates December 2009

Martin Brinkmann
Dec 9, 2009
Updated • Jan 3, 2017

Microsoft has released a new batch of security updates on this month's Patch Tuesday which patch various security vulnerabilities in Microsoft software products.

The vulnerabilities affect several popular Microsoft products, including various Windows operating systems, Microsoft Internet Explorer and Microsoft Office.

Three of the vulnerabilities have a maximum severity rating of critical, while the other three are rated as important. The impact of the vulnerabilities is either remote code execution or denial of service.

It is recommended to patch computer systems and programs that are affected by these vulnerabilities as soon as possible to block attacks that exploit these issues.

  • MS09-071 - Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) - This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication.
  • MS09-074 - Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) - This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS09-072 - Cumulative Security Update for Internet Explorer (976325) - This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; this vulnerability has been described in Microsoft Security Advisory 973882 and Microsoft Security Bulletin MS09-035.
  • MS09-069 - Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
  • MS09-070 - Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
  • MS09-073 - Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) - This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

Patches can be downloaded from the usual sources including Automatic Update, Windows Update, Microsoft Update or by following the links of individual vulnerabilities above.


Comments

  1. Q said on December 10, 2009 at 9:41 am

    Microsoft Corporation was late in releasing the updates for Windows 2000 family operating systems. The December 2009 updates were not available on patch Tuesday, but are now available.

  2. paul(us) said on December 9, 2009 at 5:50 pm

    Thank you for this very useful article like every month for this item a very useful guide. Although I can well imagine this is very much work every month I should be very grateful if you persevere.
