November 09 Patch Tuesday Detailed
Article by George Norman
On 11 Nov 2009
Yesterday, the 9th of November, Redmond-based software giant Microsoft released updates for the Windows operating system and for the Microsoft Office productivity suite. The only thing we’ve known until now is that the Patch Tuesday release was made up of 6 security bulletins (3 critical and 3 important) that addressed a total of 15 vulnerabilities.

Actually we did know a bit more than that. We knew that bulletins 1 through 3 apply to the Microsoft developed Windows operating system. The vulnerabilities are critical; they allow for remote code execution. After the update has been applied, the user has to restart the PC. Bulletin 4 also affects the Windows OS, but is rated as important (denial of service). It too requires a restart. Bulletins 5 and 6 are rated important, allow for remote code execution, require restart and apply to Microsoft Office. We also knew that none of the 6 bulletins applied to Windows 7.

Advertising

Now that the Patch Tuesday release has come and gone, Microsoft has made public a few more details about the 6 security bulletins. Here they are:

MS09-063
Critical vulnerability in Web Services on Devices API on the Windows operating system. The vulnerability, if exploited by someone with malicious intent, could lead to remote code execution.

MS09-064
Critical vulnerability License Logging Server on Windows 2000. If a person with malicious intent sent a specially crafted network message to a computer running the License Logging Server, it could lead to remote code execution.

MS09-065
Critical and important vulnerabilities affecting the Windows Kernel-Mode Drivers. If a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font, it could lead to remote code execution (this is the most severe vulnerability).

MS09-066
Important vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) that could lead to denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests.

MS09-067
Important vulnerabilities in Microsoft Office Excel that could lead to remote code execution of the user would open a specially crafted Excel file.

MS09-068
Important vulnerability in Microsoft Office Word that could lead to remote code execution of the user were to open a specially crafted Word file.

The Microsoft Security Response Center (MSRC) has provided these visual representations of the November 2009 Patch Tuesday update.





Additional details about the November 2009 Patch Tuesday are available here.



Tags: Microsoft, Patch Tuesday, Update, Windows, Office
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
November 09 Patch Tuesday Detailed
HTML Linking Code