Security Tuesday has arrived as I mentioned last week in my Security Update Tuesday Approaching on 10 Nov 2009 post. So before you read this head to Windows Update and get your system updating to keep it protected.
As expected we have more info on the six vulnerabilities:
Severity Rating: Critical – Revision Note: V1.0 (November 10, 2009): Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.
Severity Rating: Critical – Revision Note: V1.0 (November 10, 2009): Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Severity Rating: Critical – Revision Note: V1.0 (November 10, 2009): Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker’s site.
Severity Rating: Important – Revision Note: V1.0 (November 10, 2009): Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
Severity Rating: Important – Revision Note: V1.0 (November 10, 2009): Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Severity Rating: Important – Revision Note: V1.0 (November 10, 2009): Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Related Posts
- Security Bulletins for September 2009
- July 2011 Patch Tuesday Security Bulletin Details Released
- Microsoft Security Bulletin Summary for June 2010 Patch Tuesday
- September 2011 Patch Tuesday Details
- January 2011 Patch Tuesday Summary
Richard is the Owner of WindowsObserver.com and has been involved in tech for over 25 years. His first website – AnotherWin95.com – came online in 1995. Back then he used GeoCities Web Hosting for it and what you see here today is the result of the work he has continued on the site since 1995. In January 2010 his community contributions were recognized by Microsoft when he was awarded the Most Valuable Professional (MVP) Award for Windows Desktop Experience. In January 2011 he was renewed as a Microsoft MVP but in a new category called Windows Expert - Consumer and in January 2012 he received the award for the third time.
This post first appeared on WindowsObserver.com. If you enjoyed it please make sure you subscribe to the RSS feed and join our Facebook Fan Page to stay up to date.
Subscribe to
New blog post: November 2009 Security Updates Released http://bit.ly/3jX09q
[...] November 2009 Security Updates Released – November 10, 2009 [...]