Blog

Home > Microsoft Security > Microsoft Security Bulletin March 2009

Microsoft Security Bulletin March 2009

Contents

Use these tables to learn about the security updates that you may need to install. The vulnerabilities are listed in order of bulletin ID and CVE ID. Customers in the U.S. Important SpoofingRequires restartMicrosoft Windows MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS http://getbetabox.com/microsoft-security/microsoft-security-bulletin-march-2011.html

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion The content you requested has been removed. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. By using SMS, administrators can identify Windows-based systems that require security updates and to perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. https://technet.microsoft.com/en-us/library/security/ms09-mar.aspx

Ms09-035 Download

For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed at http://www.microsoft.com/security/msrc/mapp/partners.mspx. Security Advisories and Bulletins Security Bulletin Summaries 2009 2009 MS09-APR MS09-APR MS09-APR MS09-DEC MS09-NOV MS09-OCT MS09-SEP MS09-AUG MS09-JUL MS09-JUN MS09-MAY MS09-APR MS09-MAR MS09-FEB MS09-JAN TOC Collapse the table of content Expand

The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Detection and Deployment Guidance Microsoft has provided detection and deployment guidance for this month’s security updates.

Non-Security, High-Priority Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services Ms09-035 Superseded V5.0 (August 19, 2009): Added footnote for bulletin MS09-028 to clarify the affected software for DirectX 8.1. We appreciate your feedback. https://technet.microsoft.com/en-us/library/security/ms09-apr.aspx Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry.

All submitted content is subject to our Terms of Use. Moderate Elevation of PrivilegeRequires restartMicrosoft Windows Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. Legal Information . Detection and Deployment Tools and Guidance Security Central Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization.

Ms09-035 Superseded

Important SpoofingRequires restartMicrosoft Windows Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. This bulletin spans both Windows Operating System and Components and Microsoft Server Software. Ms09-035 Download Security updates are also available at the Microsoft Download Center. Ms09-062 Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful?

New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows. news Revisions V1.0 (March 10, 2009): Bulletin summary published. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable. Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Ms11-025

V1.1 (March 11, 2009): Finder information for MS09-008 updated. To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT This documentation is archived and is not being maintained. have a peek at these guys For more information about how to contact Microsoft for support issues, visit International Help and Support.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After this date, this webcast is available on-demand. Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems.

Obtaining Other Security Updates Updates for other security issues are available from the following locations: Security updates are available from Microsoft Download Center.

All customers who have already installed the original update are already protected. You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. All rights reserved. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion

You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. How do I use this table? Notes for MS09-028 ***The update for DirectX 8.1 also applies to DirectX 8.1b. ****The update for DirectX 9.0 also applies to DirectX 9.0a, DirectX 9.0b, and DirectX 9.0c. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-2009.html V1.1 (July 15, 2009): Updated Executive Summary for MS09-032; corrected restart requirement for MS09-029; and performed miscellaneous edits.

For more information about the Microsoft Update Catalog, see the Microsoft Update Catalog FAQ. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. Microsoft is hosting a webcast to address customer questions on these bulletins on March 11, 2009, at 11:00 AM Pacific Time (US & Canada). For more information, see Microsoft Knowledge Base Article 910723.

An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.0 An attacker who successfully exploited this vulnerability could take complete control of an affected system. Preview post Submit post Cancel post You are reporting the following post: Microsoft Security Bulletins for March 2009 This post has been flagged and will be reviewed by our staff.

However, as a defense-in-depth measure to protect against any possible new vectors identified in the future, Microsoft recommends that customers of this software apply this security update. JPCERT/CC serves as Secretariat for APCERT. Security updates are also available at the Microsoft Download Center. Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity.

You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) CVE-2009-0235 1 - Consistent exploit code likelyThis memory corruption vulnerability is easily exploitable. MS09-014 Cumulative Security Update for Internet Explorer (963027) CVE-2009-0553 3 - Functioning exploit code unlikely(None) MS09-014 Cumulative Security Update for Internet Explorer (963027) CVE-2009-0554 1 - Consistent exploit code likely(None) MS09-015 Blended