dp
Go Steelers
Premium,MVM
join:2000-12-08
Greensburg, PA
 ·Verizon Online DSL
| Microsoft Security Bulletin(s) for November 10, 2009
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
»www.microsoft.com/technet/securi···nov.mspx
Critical (3)
Microsoft Security Bulletin MS09-063
Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
»www.microsoft.com/technet/securi···063.mspx
Microsoft Security Bulletin MS09-064
Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
»www.microsoft.com/technet/securi···064.mspx
Microsoft Security Bulletin MS09-065
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
»www.microsoft.com/technet/securi···065.mspx
Important (3)
Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)
»www.microsoft.com/technet/securi···066.mspx
Microsoft Security Bulletin MS09-067
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
»www.microsoft.com/technet/securi···067.mspx
Microsoft Security Bulletin MS09-068
Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
»www.microsoft.com/technet/securi···068.mspx
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Microsoft® Security MVP, 2004 - 2009
DP's Security Bits |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
 ·Cogeco Cable
2 edits | Thanks dp  for my XP Pro SP3 got 0ne update plus MSRT.
Edit: Ok just finished installing updates and needed to restart system, during system shut down i get a BSOD. So wondering if anyone else got this during reboot of their XP system? |
|
DrDemento
join:2005-07-25
Brick, NJ
1 edit | reply to dp
Only got KB969947 and KB890830 on all 3 XP Pro and Home machines-needed a reboot though. A very light month for updates-glad after the bunch I got last month. |
|
NICK ADSL UK
Premium,MVM
join:2004-02-22
| reply to dp
thanks don 
TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200)
Event ID: 1032407490
Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.
Duration: 90 Minutes
Start Date: Wednesday, November 11, 2009 11:00 AM Pacific Time (US & Canada)
Event Overview
On November 11, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the November security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.
Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation
Register now for the november security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
NICK ADSL UK
Premium,MVM
join:2004-02-22
1 edit | reply to dp
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
Date Published: 10/11/2009
Win32/FakeVimes
Encyclopedia entry
Updated: Nov 10, 2009 | Published: Nov 04, 2009
»www.microsoft.com/downloads/deta···ylang=en
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
|  reply to dp
Applied patches to 2 Win7 Home 32 bit systems. No problems so far. No reboot needed. No Win7 patches this month except usual Malicious Software Removal Tool, but there were several Office patches.
|
|
siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC
·Bell Sympatico
| reply to dp
Four only for me, dp , MSRT, one for XP and two for MS Office. |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | reply to dp
I have a nice, new box and only had 2 updates to add. I did have to reboot however. |
|
DSL_Steve
Premium
join:2003-11-28
Woodbury, CT | reply to dp
8 on each of 3 Vista PCs...2 Home Premium and 1 Home Basic. |
|
Tuulilapsi
Kenosis
join:2002-07-29
Finland
| reply to MarkAW
No problems of any kind identified here so far on XP, Vista or 7.
The MS09-065 EOT parsing vuln looks like a rather nasty one - remote code execution with privilege escalation?  |
|
Unknown_P
@verizon.net
| said by Tuulilapsi :The MS09-065 EOT parsing vuln looks like a rather nasty one - remote code execution with privilege escalation? »www.microsoft.com/technet/securi···065.mspx
quote:
Mitigating Factors for Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Personally, I find nothing at all scary or nasty about that. I'm not even going to install that update.
But that's because I have no concerns about someone with malfeasance in mind sitting down and logging into my home computer.
Though a different story in a corporate environment, I suppose. |
|
Jrb2
Premium
join:2001-08-31
| reply to dp
Thanks Don.
On XP home SP3 (Dutch) with Office 2007 (for home and students; English) I got:
974561
Description of the update for Office Word 2007: November 2009
»support.microsoft.com/kb/974561
MSRT
969947 - MS09-065
Microsoft Security Bulletin MS09-065 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
»www.microsoft.com/technet/securi···065.mspx
973704 - MS09-067
MS09-067: Description of the security update for the 2007 Office system and the Office Compatibility Pack: November 10, 2009
»support.microsoft.com/kb/973704
973593 - MS09-067
Description of the security update for Excel 2007: November 10, 2009
»support.microsoft.com/kb/973593 |
|
Tuulilapsi
Kenosis
join:2002-07-29
Finland
1 edit | reply to Unknown_P
said by Unknown_P : quote:
Mitigating Factors for Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Personally, I find nothing at all scary or nasty about that. Neither do I. But that's not the EOT parsing vulnerability that I was referring to. MS09-065 patches multiple vulnerabilities, one of which is this:
quote:
Win32k EOT Parsing Vulnerability - CVE-2009-2514
A remote code execution vulnerability exists in the Windows kernel-mode drivers due to the improper parsing of font code when building a table of directory entries. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability.
No need for local physical access at all.
--
Limited User Accounts.
Software Restriction Policies. How about the short version? |
|
Sympathy
join:2004-09-06
Newburgh, NY
1 edit | reply to dp
Updated my laptop with Windows XP SP3 32 Bit and the update KB969947 has an installed date of 11/11/2009 in add or remove porgrams. Strange seeing how the other updates were today's date 11/10/2009 and the computer clock has obviously the correct time & date. This is the first time I ever had this happen to me. Really odd and weird.
 |
|
Unknown_P
@verizon.net
| reply to Tuulilapsi
said by Tuulilapsi :said by Unknown_P : quote:
Mitigating Factors for Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Personally, I find nothing at all scary or nasty about that. Neither do I. But that's not the EOT parsing vulnerability that I was referring to. MS09-065 patches multiple vulnerabilities, one of which is this: quote:
Win32k EOT Parsing Vulnerability - CVE-2009-2514
A remote code execution vulnerability exists in the Windows kernel-mode drivers due to the improper parsing of font code when building a table of directory entries. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability.
No need for local physical access at all. Whoops! Gotchya. Looks like I misunderstood your other post.
Sorry about that.
You're right, that's not a pretty picture. |
|
Dustyn
Premium
join:2003-02-26
Ontario, CAN | reply to MarkAW
Negative on the BSOD.
Haven't had one of those since Windows 2000.
However, I am on XP64 SP2...essentially Windows Server 2003. |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
| reply to dp
Thank you dp !
All set here...no apparent problems at all on my 2 XP Pro Machines. (Still haven't done the Vista or Win 7 machine yet).
said by MarkAW :Thanks dp for my XP Pro SP3 got 0ne update plus MSRT. Edit: Ok just finished installing updates and needed to restart system, during system shut down i get a BSOD. So wondering if anyone else got this during reboot of their XP system? Updated 2 XP Pro SP3 machines here Mark and no BSOD or any other problems that I can see.
Sorry, not sure what's up with that.
--
I had a life once.....now I have a Computer and a Modem. |
|
vader06
@optonline.net
| reply to dp
November 11, 2009: My machine did the auto update at 3am...on reboot I too got the BSOD....Arrrgggg! Unplugged...booted to safemode and did a system restore to Nov 9...rebooted OK. Now debating wether to manually install one at a time or whether to simply skip these updates...what do you think? |
|
santucci06
@optonline.net | reply to MarkAW
Same for me! BSOD on reboot. Did system resore & I'm back up and running...now the question is whether to manually installl each one at a time? Have you tried that yet? If so how did it go? |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
1 edit | reply to dp
Wow...three cases now of BSOD's is pretty bizarre.
Can't imagine what's causing this. (If it's a wide spread problem, I'm sure the cause and cure will surface soon).
I would think there must be some common denominator for those of you experiencing the problem.
As I mentioned above, I've updated 2 XP Pro SP3 machines, and now one Windows 7 Home Premium machine with no problems at all. (The XP machines required a reboot, the Win 7 machine didn't).
--
I had a life once.....now I have a Computer and a Modem. |
|
