Windows Enterprise Desktop

Jun 10 2009   4:43PM GMT

Patch Tuesday June09: A Real Whopper!



Posted by: Ed Tittel
Tags:
Enterprise Vista
enterprise Vista desktop
MS09-018
MS09-019
MS09-020
MS09-021
MS09-022
MS09-023
MS09-024
MS09-025
MS09-026
MS09-027
Patch Tuesday

OK, so yesterday’s Patch Tuesday does the deed for June. It’s a monster: 10 security bulletins, 31 vulnerabilities addressed, and involving most versions of Windows itself, IE, and various MS Office and related elements (Works, Word, and Excel). Even the Windows Print Spooler and OS Kernel get in on the act!

Of the 10 bulletins issues, half (5) are critical, and fill some gaping widely-known holes in MS security. Chief among these: the dual WebDAV gothas for IIS publicized in May (explained in this Ryan Naraine blog from 5/19) and the infamous Pwn2Own vulnerability discovered in March at the CanSecWest conference in Vancouver.

I downloaded mine for Vista yesterday and they appear to have installed and taken without a hitch. You’ll probably want to start testing these right away, if you don’t plan to deploy them as-is.

Bulletin ID Rating Target Remarks
MS09-018 Critical Active Directory, Server 2000/203 2 remote code execution items
MS09-019 Critical IE version 5-8 8 vulnerabilities, including remote code execution items
MS09-020 Important IIS 2 vulnerabiliites allowing elevation of privilege
MS09-021 Critical MS Excel 7 vulnerabilities including remote code execution
MS09-022 Critical Windows Print Spooler 3 vulnerabilities, including remote code execution (Windows
MS09-023 Moderate Windows Search Single vulnerability could allow info disclosure
MS09-024 Critical Microsoft Works converter Could allow remote code execution
MS09-025 Important Windows kernel 4 vulnerabilities that could allow elevation of privilege
MS09-026 Important RPC Could allow execution of arbitrary code or takeover
MS09-027 Critical MS Word 2 vulnerabiltiies could allow remote code execution

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: