Go to Home Page   IT ServiceLink IT ServiceLink Telephone us on 01206 235000
About us

Software Development
       Legacy Software Maintenance
       Project Life Cycle
       Bespoke Software Development
       Corporate Hosting
       Business Process Automation
       DotNetNuke (DNN) CMS Website Package
       Search Engine Optimisation (SEO)
          SEO Website Survey Report
          SEO Blog
       Nesox Email Marketing
       e-Commerce Services

IT Infrastructure
       Hardware Supply
       Software Supply
       IP Telephony
          Avaya
          Swyx
          Avaya Case Study
          Swyx Case Study 1
          Swyx Case Study 2
       Security Products
          BorderWare
          Kaspersky
             Kaspersky Open Space
             Kaspersky Case Study
       Networking
          Draytek

Professional Services
       Customer Relationship Management (CRM)
          ACT! By Sage
          Microsoft Dynamic 3.0
       IT Infrastructure Optimisation
       IT Security Planning
       Business Continuity Management (BCM)
       Digital Sealing

IT Support Services
       Network Management
       Virtual IT Department
       IT Help Desk
       IT Support Framework
       IT Security Updates
          Microsoft Bulletins
             Archive
                July 2009
                Emergency Patch Release July 2009
                August 2009
                September 2009
                October 2009
                November 2009
                December 2009
                Emergency Patch Release January 2010
                January 2010
                February 2010
                Emergency Patch Release March 2010
                March 2010
                April 2010
                May 2010
                June 2010
                July 2010
                August 2010
                September 2010
                October 2010
                November 2010
                December 2010
                January 2011
             February 2011
             March 2011
             April 2011
             May 2011
             June 2011
             July 2011
             August 2011
             September 2011
             December2011
             January 2012
       Disaster Recovery

Contact us
  Home >> IT Support Services >> IT Security Updates >> Microsoft Bulletins >> Archive >> November 2009 08 February 2012  
Patch Tuesday November 2009

Microsoft have released 6 security bulletins for this month's Patch Tuesday.

Three are rated as Critical and the other three have a rating of Important.

Interestingly, no patches were released for Windows 7 again this month. We are monitoring the general functionality and feedback as Windows 7 is adopted around the globe, but currently it’s another positive for Windows 7.

The patches relate to Microsoft Operating Systems and software. The majority of the supported operating systems are affected this month - Windows 2000, Windows XP, Windows 2003, Windows Vista and Windows 2008. All of the patches either need or may need a system reboot.

As usual, these patches address fundamental issues relating to vulnerabilities in the operating system or software which could be used by attackers to compromise your systems. There are a number of viruses and malware that could exploit these vulnerabilities making them a real threat if left open.

Our usual advice is…

  • Ensure that the critical patches are deployed to all Windows desktop and server operating systems and Software, where appropriate, immediately
     
  • Ensure that all Anti-virus and Malware blocking software packages are fully up to date, and properly configured firewalls are in place within your environment
     
  • Update you Operating systems with the six critical patches (MS09-063, MS09-064, MS09-065, MS09-066, MS09-067, MS09-068)

As always, some consideration is needed in order to evaluate any risks depending on whether you have the relevant affected environment. More details on these patches is given in the table below with links to the relevant Microsoft Knowledge base articles.

Table 1: Details of MS Patches released Tuesday 10/11/2009

MS Link ITSL Summary Severity Affected Software Restart after patch

MS09-063

KB973565

 An attacker on the local subnet (A portion of your network) only could use a cleverly created peice of data to perform a remote execution attack against Vista and 2008. Although the chances of this happening are very slim there is still chance so get this patched ASAP Critical Windows Vista and Windows 2008 Yes

MS09-064

KB974783

 The License Logging Server on Windows 2000 allows attackers to perform remote executions against the machine. Patch ASAP Critical Windows 2000 Yes

MS09-065

KB969947

 There are a few of problems with the Windows kernel that allow potential attackers with cleverly created fonts to attack the system. On 2000, XP, and 2003, these are remote code execution exploits. On Vista and 2008, there are escalation of privileges attacks. Patch ASAP Critical Windows 2000, Windows XP, Windows 2003,
Windows Vista  and Windows 2008		 Yes

MS09-066

KB973037

 A problem with various active Directory systems allows cleverly developed LDAP queries (software requests) to clog up Active Directory system on servers. Important but can wait until your next update process Important Windows 2000, Windows XP, Windows 2003
and Windows 2008		 Yes

MS09-067

KB973593

 There are a number of problems with software that can open Excel files. If a “hacked” Excel files is opened it can lead to a remote code execution exploit.  Although Microsoft has marked this as important we recommend applying this patch ASAP as most users open an excel file without any further consideration Important Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Converter for Mac, Excel Viewer 2003, Office Compatibility Pack 2007 SP1 and SP2 May Require Restart

MS09-068

KB976307

 In a similar way to the Excel problem above Important Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Converter for Mac, Word Viewer May Require Restart

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Rating Definition
Critical A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
Moderate Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.

We also offer...


Accessibility  |  Privacy  |  Terms Of Use  |  Site Map

A Microsoft Certified Partner © Copyright 2009-2011 IT ServiceLink LTD A Microsoft Small Business Specialist