Posted by: Ed Tittel
Patch Tuesday items hit yesterday between 1:00 and 1:30 PM Central Daylight Time on servers that I could see. The MS09-April Bulletin Summary from Microsoft covers all the details, but here’s what I hope is a good overview and synopsis of what you’ll find therein. Interestingly, none of this stuff is reflected in updates pushed (or rather, not pushed) for the Windows 7 beta now underway. I’m guessing that MS doesn’t patch betas the same way it does production code, and is probably seeking to avoid additional release cycles.
Here’s a table for the 8 security bulletins published for the patches/fixes/updates pushed yesterday, in bulletin order. The ID/Link column provides the standard MS security bulletin IDs, which range from MS09-009 through MS09-016 for this month; Critical updates are bolded, Important ones in italics, Moderate in plain text. The Title column repeats the Microsoft bulletin title verbatim with the related KB article number in parentheses trailing, while Vulnerabilities data take the form n/m where n is the number of public vulnerabilities addressed, and m the number of private ones addressed, by a bulletin. SW Affected lists the OSes and applications affected; where Windows is bolded, Vista is included.
| ID/Link | Title | Vulnerabilities | SW Affected |
|---|---|---|---|
| MS09-009 | Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) | 1/1 | Office 2000-2007 |
| MS09-010 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) | 2/2 | Windows, Office 2000-2007 |
| MS09-011 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) | 0/1 | Windows |
| MS09-012 | Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) | 4/0 | Windows |
| MS09-013 | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) | 1/2 | Windows |
| MS09-014 | Cumulative Security Update for Internet Explorer (963027) | 4/2 | IE6 and IE7, including Vista |
| MS09-015 | Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) | 1/0 | Windows |
| MS09-016 | Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) | 1/1 | ISA & Forefront Security |
Only the items with Vista explicitly mentioned or with Windows in bold will be of interest to those who manage only Vista desktops. As usual, I include everything because few people on the job are actually in that position; most must also manage updates for other MS platforms and applications. Time to get patchin'!