Patch Tuesday June09: A Real Whopper!

Ed Tittel — Wed, 10 Jun 2009 16:43:49 +0000

OK, so yesterday’s Patch Tuesday does the deed for June. It’s a monster: 10 security bulletins, 31 vulnerabilities addressed, and involving most versions of Windows itself, IE, and various MS Office and related elements (Works, Word, and Excel). Even the Windows Print Spooler and OS Kernel get in on the act!

Of the 10 bulletins issues, half (5) are critical, and fill some gaping widely-known holes in MS security. Chief among these: the dual WebDAV gothas for IIS publicized in May (explained in this Ryan Naraine blog from 5/19) and the infamous Pwn2Own vulnerability discovered in March at the CanSecWest conference in Vancouver.

I downloaded mine for Vista yesterday and they appear to have installed and taken without a hitch. You’ll probably want to start testing these right away, if you don’t plan to deploy them as-is.

Bulletin ID	Rating	Target	Remarks
MS09-018	Critical	Active Directory, Server 2000/203	2 remote code execution items
MS09-019	Critical	IE version 5-8	8 vulnerabilities, including remote code execution items
MS09-020	Important	IIS	2 vulnerabiliites allowing elevation of privilege
MS09-021	Critical	MS Excel	7 vulnerabilities including remote code execution
MS09-022	Critical	Windows Print Spooler	3 vulnerabilities, including remote code execution (Windows
MS09-023	Moderate	Windows Search	Single vulnerability could allow info disclosure
MS09-024	Critical	Microsoft Works converter	Could allow remote code execution
MS09-025	Important	Windows kernel	4 vulnerabilities that could allow elevation of privilege
MS09-026	Important	RPC	Could allow execution of arbitrary code or takeover
MS09-027	Critical	MS Word	2 vulnerabiltiies could allow remote code execution

Windows Enterprise Desktop » MS09-026

Patch Tuesday June09: A Real Whopper!