5 critical vulnerabilities to be addressed by MS patches for September

Shavlik Technologies : 09 September, 2009  (Technical Article)
Jason Miller, the Security and Data Team Manager of Shavlik Technologies, has identified the latest Microsoft patches affecting different products in the MS range but not Windows 7.

Microsoft has released five new security bulletins in the September version of Patch Tuesday. All bulletins carry a Critical severity rating. This month, Windows 7 is not an affected product for the bulletins and vulnerabilities. None of the bulletins is publicly known at this time.

The most important bulletin to install first is MS09-048. This bulletin resolves three vulnerabilities in the TCP/IP networking component. In two of the vulnerabilities, attacks could cause a Denial of Service on target machines by sending specially crafted network packets that will cause the system to freeze or automatically restart. The other vulnerability addressed could allow attackers to take control of a target Windows Vista or Windows 2008 system, also by sending specially crafted packets. Administrators should patch their servers as soon as possible for this vulnerability as it could lead to network-wide outages.

Interestingly enough, Windows 2000 Service Pack 4 is affected by this security bulletin but Microsoft is not issuing a patch for the vulnerability. Microsoft states that a patch to address the vulnerability is 'infeasible to build.' With this in mind, a vulnerability that affects Windows 2000 is about to be made known and administrators cannot simply patch their machines.

MS09-045, MS09-046, MS09-047 and MS09-049 can lead to remote code execution. Each of these bulletins is likely to affect the desktop.

MS09-049 affects Windows Vista and Windows 2008 machines that have a wireless card. Specially crafted wireless frames can be sent to the target system through today's war dialing routines to take complete control of the machine. If a machine does not have a wireless card, it cannot be attacked through this vulnerability.

MS09-045 (jscript) and MS09-046 (DHTML) are vulnerabilities that can be taken advantage of through specially crafted web pages. If an unpatched system visits a specially crafted web page, an attacker can take complete control of the system.

MS09-047 addresses two vulnerabilities in Windows Media Format. If an attacker can get an unpatched system to visit a specially crafted web page, or play a specially crafted media file, he or she can gain complete control of a target system.

Security advisory 975191 was not patched during this Patch Tuesday cycle. The advisory has been updated by Microsoft, stating that the vulnerability is being used in limited attacks. Administrators should look at addressing this vulnerability through workarounds provided by Microsoft until a security patch becomes available.
   © 2012 ProSecurityZone.com