Patch Tuesday December 2009

Microsoft has released 6 security bulletins for this month's Patch Tuesday.

Three are rated as Critical and the other three have a rating of Important.

Yet again this month no patches were released for Windows 7. We are continuing our monitoring of Windows 7 as well as increasing our evaluation in a working office environment. Our early results suggest things are looking positive for this new Operating System.

The patches relate to Microsoft operating systems and software. The majority of the supported operating systems are affected this month: Windows 2000, Windows XP, Windows 2003, Windows Vista and Windows 2008. Pay particular attention to Internet Explorer and Microsoft Project. Every patch either requires or may require a system reboot.

As usual, these patches address fundamental vulnerabilities in the operating system or software which attackers could use to compromise your systems. A number of viruses and other malware could exploit these vulnerabilities, making them a real threat if left open.

Our usual advice is…

  • Ensure that the critical patches are deployed immediately to all Windows desktop and server operating systems and software, where appropriate.

  • Ensure that all anti-virus and malware-blocking software packages are fully up to date, and that properly configured firewalls are in place within your environment.

  • Update your operating systems with this latest round of patches (MS09-071, MS09-074, MS09-072, MS09-069, MS09-070, MS09-073).

As always, some consideration is needed to evaluate the risks, depending on whether you have the relevant affected environment. More details on these patches are given in the table below, with links to the relevant Microsoft Knowledge Base articles.

Table 1: Details of MS Patches released Tuesday 08/12/2009

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
|---|---|---|---|---|
| MS09-069 (KB974392) | In simple terms, this patch fixes a vulnerability that could be used to make the affected system unresponsive. Although not critical, patch during your next round of updates. | Important | Windows 2000, Windows XP, Windows 2003 | Yes |
| MS09-070 (KB971726) | ADFS (Active Directory Federation Services) has a vulnerability that allows a remote user to run remote code. The attacker does need to be authenticated to access the exploit. If you run ADFS, patch immediately; if not, wait until your next scheduled updates. | Important | Windows 2003 and Windows 2008 | Yes |
| MS09-071 (KB974318) | Problems with Microsoft Internet Authentication Server in Windows can lead to remote code execution vulnerabilities when working with MS-CHAP v2 authentication. This is important if you run IAS and should be installed immediately. | Critical | Windows 2000, Windows XP, Windows 2003, Windows Vista and Windows 2008 | Yes |
| MS09-072 (KB976325) | This patch fixes five issues in Internet Explorer which can result in remote code execution exploits, some via specially crafted Web pages and some through ActiveX. The criticality matrix on this patch is crazy. Install immediately. | Critical | Internet Explorer 5, 6, 7 & 8 | Yes |
| MS09-073 (KB975539) | Issues in WordPad and some versions of Office allow an attacker to perform remote code execution exploits with a bad Word 97 file. Although Microsoft doesn't consider this a top-level issue, due to the widespread use of Office files and users' general lack of understanding we believe you should install the patch immediately. | Important | Windows 2000, Windows XP, Windows 2003, Office XP, Office 2003, Works 8.5, Office Converter Pack | Yes |
| MS09-074 (KB967183) | This is yet another vulnerability in which specially crafted files could be used to achieve remote code execution. Install this patch immediately. | Critical | MS Project 2000, 2002, 2003 | May Require Restart |

| Rating | Definition |
|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |

A Microsoft Certified Partner © Copyright 2009 IT ServiceLink LTD A Microsoft Small Business Specialist