dp
MVM
join:2000-12-08
Greensburg, PA

dp

MVM

Microsoft Security Bulletin(s) for November 10, 2009

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/techne ··· security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/techne ··· nov.mspx

Critical (3)

Microsoft Security Bulletin MS09-063
Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
»www.microsoft.com/techne ··· 063.mspx

Microsoft Security Bulletin MS09-064
Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
»www.microsoft.com/techne ··· 064.mspx

Microsoft Security Bulletin MS09-065
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
»www.microsoft.com/techne ··· 065.mspx

Important (3)

Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)
»www.microsoft.com/techne ··· 066.mspx

Microsoft Security Bulletin MS09-067
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
»www.microsoft.com/techne ··· 067.mspx

Microsoft Security Bulletin MS09-068
Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
»www.microsoft.com/techne ··· 068.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website - visit the Windows Update and Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

2 edits

MarkAW

Premium Member

Thanks dp, for my XP Pro SP3 I got one update plus MSRT.

Edit: OK, just finished installing updates and needed to restart the system; during system shutdown I get a BSOD. So wondering if anyone else got this during reboot of their XP system?
DrDemento
join:2005-07-25
Brick, NJ

1 edit

DrDemento to dp

Member

to dp
Only got KB969947 and KB890830 on all 3 XP Pro and Home machines-needed a reboot though. A very light month for updates-glad after the bunch I got last month.

NICK ADSL UK
MVM
join:2004-02-22
united kingd

NICK ADSL UK to dp

MVM

to dp
thanks don

TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200)
Event ID: 1032407490

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.


Duration: 90 Minutes
Start Date: Wednesday, November 11, 2009 11:00 AM Pacific Time (US & Canada)

Event Overview

On November 11, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the November security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Register now for the November security bulletin webcast.
NICK ADSL UK

1 edit

NICK ADSL UK to dp

MVM

to dp
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Date Published: 10/11/2009

Win32/FakeVimes

Encyclopedia entry
Updated: Nov 10, 2009 | Published: Nov 04, 2009


»www.microsoft.com/downlo ··· ylang=en

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to dp

Premium Member

to dp
Applied patches to 2 Win7 Home 32 bit systems. No problems so far. No reboot needed. No Win7 patches this month except usual Malicious Software Removal Tool, but there were several Office patches.




siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to dp

Premium Member

to dp
Four only for me, dp: MSRT, one for XP and two for MS Office.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay to dp

MVM

to dp
I have a nice, new box and only had 2 updates to add. I did have to reboot however.

SirSteve
Premium Member
join:2003-11-28
Woodbury, CT

SirSteve to dp

Premium Member

to dp
8 on each of 3 Vista PCs...2 Home Premium and 1 Home Basic.
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi to MarkAW

Member

to MarkAW
No problems of any kind identified here so far on XP, Vista or 7.

The MS09-065 EOT parsing vuln looks like a rather nasty one - remote code execution with privilege escalation?

Unknown_P
@verizon.net

Unknown_P

Anon

said by Tuulilapsi:

The MS09-065 EOT parsing vuln looks like a rather nasty one - remote code execution with privilege escalation?
»www.microsoft.com/techne ··· 065.mspx
quote:
Mitigating Factors for Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127

• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Personally, I find nothing at all scary or nasty about that. I'm not even going to install that update.
But that's because I have no concerns about someone with malfeasance in mind sitting down and logging into my home computer.

Though a different story in a corporate environment, I suppose.
Jrb2
Premium Member
join:2001-08-31

Jrb2 to dp

Premium Member

to dp
Thanks Don.

On XP home SP3 (Dutch) with Office 2007 (for home and students; English) I got:

974561
Description of the update for Office Word 2007: November 2009
»support.microsoft.com/kb/974561

MSRT

969947 - MS09-065
Microsoft Security Bulletin MS09-065 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
»www.microsoft.com/techne ··· 065.mspx

973704 - MS09-067
MS09-067: Description of the security update for the 2007 Office system and the Office Compatibility Pack: November 10, 2009
»support.microsoft.com/kb/973704

973593 - MS09-067
Description of the security update for Excel 2007: November 10, 2009
»support.microsoft.com/kb/973593
Tuulilapsi
Kenosis
join:2002-07-29
Finland

1 edit

Tuulilapsi to Unknown_P

Member

to Unknown_P
said by Unknown_P :
quote:
Mitigating Factors for Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127

• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Personally, I find nothing at all scary or nasty about that.
Neither do I. But that's not the EOT parsing vulnerability that I was referring to. MS09-065 patches multiple vulnerabilities, one of which is this:
quote:
Win32k EOT Parsing Vulnerability - CVE-2009-2514

A remote code execution vulnerability exists in the Windows kernel-mode drivers due to the improper parsing of font code when building a table of directory entries. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability.
No need for local physical access at all.
Sympathy
join:2004-09-06
Newburgh, NY

1 edit

Sympathy to dp

Member

to dp
Updated my laptop with Windows XP SP3 32 Bit and the update KB969947 has an installed date of 11/11/2009 in Add or Remove Programs. Strange, seeing how the other updates were today's date, 11/10/2009, and the computer clock obviously has the correct time & date. This is the first time I ever had this happen to me. Really odd and weird.


Unknown_P
@verizon.net

Unknown_P to Tuulilapsi

Anon

to Tuulilapsi
said by Tuulilapsi:

said by Unknown_P :
quote:
Mitigating Factors for Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127

• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Personally, I find nothing at all scary or nasty about that.
Neither do I. But that's not the EOT parsing vulnerability that I was referring to. MS09-065 patches multiple vulnerabilities, one of which is this:
quote:
Win32k EOT Parsing Vulnerability - CVE-2009-2514

A remote code execution vulnerability exists in the Windows kernel-mode drivers due to the improper parsing of font code when building a table of directory entries. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability.
No need for local physical access at all.
Whoops! Gotchya. Looks like I misunderstood your other post.
Sorry about that.

You're right, that's not a pretty picture.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn to MarkAW

Premium Member

to MarkAW
Negative on the BSOD.
Haven't had one of those since Windows 2000.
However, I am on XP64 SP2...essentially Windows Server 2003.

jabarnut
Light Years Away
Premium Member
join:2005-01-22
Galaxy M31

jabarnut to dp

Premium Member

to dp
Thank you dp !
All set here...no apparent problems at all on my 2 XP Pro Machines. (Still haven't done the Vista or Win 7 machine yet).
said by MarkAW:

Thanks dp, for my XP Pro SP3 I got one update plus MSRT.

Edit: OK, just finished installing updates and needed to restart the system; during system shutdown I get a BSOD. So wondering if anyone else got this during reboot of their XP system?
Updated 2 XP Pro SP3 machines here Mark and no BSOD or any other problems that I can see.
Sorry, not sure what's up with that.

vader06
@optonline.net

vader06 to dp

Anon

to dp
November 11, 2009: My machine did the auto update at 3am...on reboot I too got the BSOD....Arrrgggg! Unplugged...booted to safe mode and did a system restore to Nov 9...rebooted OK. Now debating whether to manually install one at a time or whether to simply skip these updates...what do you think?

santucci06
@optonline.net

santucci06 to MarkAW

Anon

to MarkAW
Same for me! BSOD on reboot. Did system restore & I'm back up and running...now the question is whether to manually install each one at a time? Have you tried that yet? If so how did it go?

jabarnut
Light Years Away
Premium Member
join:2005-01-22
Galaxy M31

1 edit

jabarnut to dp

Premium Member

to dp
Wow...three cases now of BSOD's is pretty bizarre.
Can't imagine what's causing this. (If it's a widespread problem, I'm sure the cause and cure will surface soon).
I would think there must be some common denominator for those of you experiencing the problem.

As I mentioned above, I've updated 2 XP Pro SP3 machines, and now one Windows 7 Home Premium machine with no problems at all. (The XP machines required a reboot, the Win 7 machine didn't).

Santucci06
@optonline.net

Santucci06 to dp

Anon

to dp
Update: Manually installed each update one-by-one (I had 7 including Office Updates)...Rebooted after each update...All done. No problems. Not sure where the conflict was during auto update, but when I did it manually everything is OK.

jabarnut
Light Years Away
Premium Member
join:2005-01-22
Galaxy M31

2 edits

jabarnut

Premium Member

Interesting Santucci06...glad you were successful this time. (And thanks for the update).

Very strange. Some sort of conflict between two or more updates when installing all at once, and rebooting...(and subsequent changes to the system during the process, conflicting with other software?)

Beats me. Have to see how this plays out, I suppose.

DownTheShore
Stay Positive and Test Negative!
Premium Member
join:2003-12-02
Beautiful NJ

DownTheShore to dp

Premium Member

to dp
Got 4 updates on Vista HP 32-bit. Had to reboot, no BSOD.



palbri
Premium Member
join:2000-10-22
Suffield, CT

palbri to FFH5

Premium Member

to FFH5
said by FFH5:

Applied patches to 2 Win7 Home 32 bit systems. No problems so far. No reboot needed. No Win7 patches this month except usual Malicious Software Removal Tool, but there were several Office patches.

Likewise, no Win 7 patches and no reboots. Sweet!

Thane_Bitter
Inquire within
Premium Member
join:2005-01-20

Thane_Bitter to dp

Premium Member

to dp
Thanks DP,

Running 2000, XPH & XPP, no issues with the updates, all systems required to be restarted.

NICK ADSL UK
MVM
join:2004-02-22
united kingd

NICK ADSL UK to dp

MVM

to dp
November 2009 Security Release ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on November 10th, 2009.

»www.microsoft.com/downlo ··· 0f37881f