« Critical Security Vulnerabilities in Adobe Shockwave Player | Main | Arrests Made for ZBot / Zeus Trojan »
11/16/2009
November 2009 Microsoft Patches Several Programs
Kevin R. Smith
Co-Editor
Co-Editor
With the November 2009 Microsoft "Patch Tuesday," as it's called, there were a number of important security exploits that were dealt with.
If you haven't recently updated your Windows OS, we urge you to do so now. Here's one way to to so:
- Open Internet Explorer
- Click Tools
- Windows Update
- Select "Express" or "Custom"
- Select All applicable updates
- Download & install updates
Now for our take on the latest vulnerabilities and patches...
| Microsoft Security Bulletin ID | Microsoft Knowledge Base Article ID | |
|---|---|---|
| MS09-063 | 973565 | |
| Vulnerability Summary | Vulnerability in License Logging Server Could Allow Remote Code Execution | |
| Executive Summary Highlights | This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. |
|
| Our Take | This vulnerability affects a ton of different systems, and while Microsoft says an attacker would have to be on the same local subnet, they leave out an important detail as to what this means. What they don't explain is that this means anyone using a free wireless connection (i.e. like those at the airport or a coffee shop) could easily be affected, and the way wireless works, the attacker wouldn't necessarily have to be in the same room as you. They could be around the corner or even down the street Microsoft rates this as "Critical." |
|
| Microsoft Security Bulletin ID | Microsoft Knowledge Base Article ID | |
|---|---|---|
| MS09-064 | 974983 | |
| Vulnerability Summary | Vulnerability in License Logging Server Could Allow Remote Code Execution | |
| Executive Summary Highlights | This security update resolves a privately reported vulnerability in Microsoft Windows 2000. |
|
| Our Take | This vulnerability only affects Windows 2000 systems, but if you're still running W2K, Microsoft gives this vulnerability a "critical" rating. So, even if you are running antivirus firewall software (which should help mitigate the risk from this vulnerability), you should still patch your machine(s). Microsoft rates this as "Critical." |
|
| Microsoft Security Bulletin ID | Microsoft Knowledge Base Article ID | |
|---|---|---|
| MS09-065 | 969947 | |
| Vulnerability Summary | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution | |
| Executive Summary Highlights | This security update resolves several privately reported vulnerabilities in the Windows kernel. |
|
| Our Take | Pretty much every Windows system appears to be affected except for Windows 7. There are some caveats to this for Vista and Windows Server 2008, so if you're running either of those OSes you should consult the Security Bulletin and Knowledge Base Article for complete details. This is a classic case where, as Microsoft points out, you can get a virus or other malware installed on your machine just from visiting a web site. And, as they also point out, it's also possible for your machine to be infected if someone has taken over a site you trust or if you're visiting a site that has user-provided content. While this is unlikely to affect Facebook, this is the type of thing Microsoft is talking about: sites where the users provide content--even things like chat or forums. This is also a classic case where Internet security software is often able to minimize the risks from these types of attacks. Microsoft rates this as "Critical." |
|
| Microsoft Security Bulletin ID | Microsoft Knowledge Base Article ID | |
|---|---|---|
| MS09-066 | 973309 | |
| Vulnerability Summary | Vulnerability in Active Directory Could Allow Denial of Service | |
| Executive Summary Highlights | This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). |
|
| Our Take | Lots of affected systems with this one, although apparently only systems running
|
|
| Microsoft Security Bulletin ID | Microsoft Knowledge Base Article ID | |
|---|---|---|
| MS09-067 | 972652 | |
| Vulnerability Summary | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution | |
| Executive Summary Highlights | This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. |
|
| Our Take | Anyone running Microsoft Excel is likely to be affected, and while MS rates this as only "Important," we have to beg to differ. We believe this merits a "critical" rating since so many people run Excel and since all versions of the exploit allow for remote code execution. Anytime there's remote code execution, it means an attackers may be able to completely take over your system. Better safe than sorry. If you're running an older version of Windows like Windows 2000 or Windows XP, you'll need to manually update your Microsoft Office to get this patch. Here's one way to do it:
Microsoft rates this as "Important." |
|
| Microsoft Security Bulletin ID | Microsoft Knowledge Base Article ID | |
|---|---|---|
| MS09-068 | 976307 | |
| Vulnerability Summary | Vulnerability in Microsoft Office Word Could Allow Remote Code Execution | |
| Executive Summary Highlights | This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. |
|
| Our Take | As with the above Excel vulnerability, there are many affected people because practically everyone runs Microsoft Word. You're at less risk if you're running the best antivirus software and if you're not using the Administrator account (or an account with Administrator privileges), but this is another update to be sure you get. Microsoft rates this as "Important." |
|
The comments to this entry are closed.
Comments