08 September 2010
Patch Tuesday September 2009

Microsoft released just five security bulletins for this month’s Patch Tuesday. All of September’s patches are classed as Critical and require immediate attention.

The patches relate to Microsoft Operating Systems. The majority of the supported operating systems are affected this month: Windows 2000, Windows XP, Windows 2003, Windows Vista, and Windows 2008. Two of the bulletins will require a reboot of the affected Windows Servers.

Microsoft’s new operating system, Windows 7, is not affected this month.

Similar to last month, these patches address fundamental issues relating to vulnerabilities in the operating system which could be used by attackers to compromise your systems. There are also a number of viruses and malware that could exploit these vulnerabilities if left open.

Our usual advice is…

  • Ensure that the critical patches are deployed to all Windows desktop and server operating systems, where appropriate, immediately.
  • Ensure that all anti-virus and malware-blocking software packages are fully up to date, and properly configured firewalls are in place within your environment.
  • Update your operating systems with the five critical patches (MS09-045, MS09-046, MS09-047, MS09-048, MS09-049).

As always, some consideration is needed to evaluate the risks, depending on whether you have the relevant affected environment. More details on these patches are given in the table below, with links to the relevant Microsoft Knowledge Base articles.

Table 1: Details of MS Patches released Tuesday 08/09/2009

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
|---|---|---|---|---|
| MS09-045, KB971961 | This patch fixes a flaw in the JavaScript engine of Internet Explorer that allows a remote code execution attack to be performed. Note that Windows 7 and Windows 2008 R2 are not affected by this issue. You should install this patch immediately. | Critical | Windows 2000, Windows XP, Windows 2003, Windows Vista, and Windows 2008 | May Require Restart |
| MS09-046, KB956844 | Attackers can take advantage of the DHTML Editing Component ActiveX control to perform a remote code execution attack on Windows 2000, Windows XP, and Windows Server 2003 machines. The attacker gains the rights of the locally logged on user. You should install this patch in your next patch cycle; it shouldn’t be a problem if you currently disable ActiveX. | Critical | Windows 2000, Windows XP, Windows 2003 | May Require Restart |
| MS09-047, KB973812 | This patch corrects two problems in which the Windows Media Format can be used to perform remote code execution attacks. This affects Windows Media Player users, as well as servers with Windows Media Services. Itanium 2003 and 2008 systems and Windows 7 and Windows 2008 R2 systems are not affected. | Critical | Windows 2000, Windows XP, Windows 2003, Windows Vista, and Windows 2008 | May Require Restart |
| MS09-048, KB967723 | There are a number of issues with the TCP/IP handling in Windows Vista, Windows Server 2003, and Windows Server 2008. On Windows Server 2003, these issues are manifested as denial of service attacks; in Windows Vista and Windows Server 2008, the issues are full remote code execution vulnerabilities. Windows XP, Windows 7, and Windows Server 2008 R2 are not affected by this problem. You should install this patch immediately for any system directly connected to the Internet, and during the next patch cycle for systems that do not receive packets directly from the Internet. | Critical | Windows 2003, Windows Vista, and Windows 2008 | Yes |
| MS09-049, KB970710 | A problem with the wireless Network Card systems on Windows Vista and Windows Server 2008 operating systems is allowing remote code execution attacks to occur. This is not a problem for systems without Wi-Fi or with Wi-Fi turned off. If you have a Windows Vista or Windows Server 2008 machine with Wi-Fi, you should install this patch immediately. | Critical | 2000, XP, Vista, 2003, 2008 | Yes |

| Rating | Definition |
|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |
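
To confirm that the five patches in Table 1 above have reached a host, the following added example (not IT ServiceLink or Microsoft code) compares each machine's installed-hotfix list against the KB numbers and Affected Software column of Table 1. It assumes the KB number shown in Table 1 is the one recorded on the host; a bulletin can install under a different package KB for some OS or component versions, so "NOT FOUND" means check the bulletin for that host, not proof that it is unpatched.

```powershell
# Added example: not IT ServiceLink or Microsoft code. Needs Windows PowerShell 2.0+
# (Get-WmiObject) and WMI access to every host passed in -ComputerName.
param([string[]]$ComputerName = @($env:COMPUTERNAME))

# Bulletin, KB and "Affected Software" values copied from Table 1 on this page.
# MS09-049 uses the column as printed; its summary text names only Vista and 2008.
$bulletins = @(
    @{ Id = 'MS09-045'; KB = 'KB971961'; OS = @('2000','XP','2003','Vista','2008') },
    @{ Id = 'MS09-046'; KB = 'KB956844'; OS = @('2000','XP','2003') },
    @{ Id = 'MS09-047'; KB = 'KB973812'; OS = @('2000','XP','2003','Vista','2008') },
    @{ Id = 'MS09-048'; KB = 'KB967723'; OS = @('2003','Vista','2008') },
    @{ Id = 'MS09-049'; KB = 'KB970710'; OS = @('2000','XP','Vista','2003','2008') }
)

# Map the Win32_OperatingSystem version to the OS names Table 1 uses.
# 6.0 is shared by Vista (ProductType 1) and Server 2008; 6.1 (Windows 7 and
# Server 2008 R2) and anything newer returns $null, i.e. not listed in Table 1.
function Get-OsFamily($os) {
    $v = $os.Version.Split('.')
    switch ("$($v[0]).$($v[1])") {
        '5.0' { '2000' }
        '5.1' { 'XP' }
        '5.2' { '2003' }   # XP x64 also reports 5.2 and is treated as 2003 here
        '6.0' { if ($os.ProductType -eq 1) { 'Vista' } else { '2008' } }
        default { $null }
    }
}

foreach ($computer in $ComputerName) {
    $os = Get-WmiObject Win32_OperatingSystem -ComputerName $computer -ErrorAction SilentlyContinue
    if (-not $os) { Write-Warning "WMI query failed for $computer"; continue }
    $family = Get-OsFamily $os
    # HotFixID values look like 'KB971961'; some carry a suffix, so match by prefix.
    $installed = @(Get-WmiObject Win32_QuickFixEngineering -ComputerName $computer |
        ForEach-Object { $_.HotFixID })

    foreach ($b in $bulletins) {
        if ($b.OS -notcontains $family) { $status = 'OS not listed as affected' }
        elseif ($installed | Where-Object { $_ -like "$($b.KB)*" }) { $status = 'Installed' }
        else { $status = 'NOT FOUND - verify against bulletin' }
        New-Object PSObject -Property @{
            Computer = $computer; OS = $os.Caption; Bulletin = $b.Id; KB = $b.KB; Status = $status
        } | Select-Object Computer, OS, Bulletin, KB, Status
    }
}
```

Windows 2000 cannot run PowerShell itself; query it remotely by passing its name in -ComputerName from a newer management host.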


© Copyright 2009 IT ServiceLink LTD