Security Bulletins for September 2009

I posted yesterday about today being Patch Tuesday for September 2009, but there were not many details about the specific vulnerabilities. We knew they were critical and affected Windows, but that was about it.

Well, as they have made the updates for these issues available, they have also updated the details about the vulnerabilities.

Here are the executive summaries from Microsoft’s updated Security Bulletin Summary for September 2009:

MS09-045

Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-049

Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.

MS09-047

Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-048

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

MS09-046

Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

So if your automatic updates have not picked these up yet, why not head over to your Windows Update and get them downloaded and installed?

Stay safe out there.

Richard Hay  (3349 Posts)

Richard is the Owner of WindowsObserver.com and has been involved in tech for over 25 years. His first website – AnotherWin95.com – came online in 1995. Back then he used GeoCities Web Hosting for it and what you see here today is the result of the work he has continued on the site since 1995. In January 2010 his community contributions were recognized by Microsoft when he was awarded the Most Valuable Professional (MVP) Award for Windows Desktop Experience. In January 2011 he was renewed as a Microsoft MVP but in a new category called Windows Expert - Consumer and in January 2012 he received the award for the third time.


This post first appeared on WindowsObserver.com.