Overview of the August 09 Patch Tuesday Update

Article by George Norman (Cybersecurity Editor)

on 12 Aug 2009

As is always the case with Microsoft, on the second Tuesday of the month, an update is released by the Redmond-based software developer. The update is meant to address issues and problems with various Microsoft products. This August, the Patch Tuesday update encompassed a total of 9 security bulletins affecting the Windows operating system as well as other products - Microsoft Office, .NET Framework, Microsoft Visual Studio, Microsoft ISA Server, and Microsoft BizTalk Server.

If you keep track of these things you already know this – especially since we already reported on this last week (just a little heads up to know what’s coming). You already know that out of the 9 security bulletins, 5 have been rated as critical (remote code execution) and 4 have been rated as important (elevation of privilege). What you don’t know is what these security bulletins refer to. Well, know that the August Patch Tuesday update has been rolled out, Microsoft has provided an update.

Before we take a closer look at the security bulletins included in the Patch Tuesday update, I would like to mention one thing. Microsoft has now applied the “change default behavior” in Internet Explorer that it announced back in July. Basically, IE will ask you if you want to set it as the default browser when you click the “express install” option.

Here are the 9 security bulletins that the August 09 Patch Tuesday update covers, as detailed by Microsoft (the first 5 are the critical ones):

MS09-043: Vulnerabilities in Microsoft Office Web Components
This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-044: Vulnerabilities in Remote Desktop Connection
This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-039: Vulnerabilities in WINS
This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

MS09-038: Vulnerabilities in Windows Media File Processing
This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL)
This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-041: Vulnerability in Workstation Service
This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

MS09-040: Vulnerability in Message Queuing
This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

MS09-036: Vulnerability in ASP.NET in Microsoft Windows
This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

MS09-042: Vulnerability in Telnet
This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MSRC (Microsoft Security Response Center) team member Jerry Bryant also provided a handy overview chart.




Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all