Windows Enterprise Desktop

Mar 13 2009   4:38PM GMT

Patch Tuesday March 2009



Posted by: Ed Tittel
Tags:
KB958960
KB960224
MS09-006
MS09-007
MS09-008
Patch Tuesday
Windows Update

Tuesday, March 10, was the second Tuesday of the month, the day colloquially known to MS system administrators and security mavens as “Patch Tuesday.” Here’s a smorgasbord of the items that showed up in the list of 3/10/2009 items with relevance for Windows Vista:

  • MS09-006 Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (KB958690). This is the first kernel vulnerability to come along for a while, and as such it affects all supported versions of Windows back to Windows 2000. Most fixes go to the Win32k.sys file, which ranks right up there with ntoskrnl.exe at the heart of Windows OSes everywhere. Update this one quick!
  • MS09-007 Vulnerability in SChannel Could Allow Spoofing (KB960225). This privately reported item, if exploited, could allow an attacker who gains access to end-user certificates to successfully impersonate (spoof) those users, but only when the public key component of an authentication certificate has also been obtained. This one also affects all supported versions of Windows. If you use end-user certificates as part of your authentication mechanisms, you’ll want to apply this update quickly, too.

Another bulletin (MS09-008) was also released with fixes for vulnerabilities in DNS and WINS Server code that could permit address spoofing for potential man-in-the-middle or site impersonation attacks. But you can leave these fixes for the server gang, unless you happen to take care of your organization’s servers as well.

For the record, only MS09-006 is rated Critical, while both MS09-007 and MS09-008 are rated Important. Given the nature of the related vulnerabilities, anyone who’s affected by either Important item should probably push the corresponding update out as quickly as possible anyway. And of course any Critical item needs to make its way onto Vista (and other Windows) machines as soon as circumstances and testing/deployment requirements permit.
