Security Bulletin: February 2009 Updates
We have released the 4 security updates for February 2009. A Summary of these bulletins is below with links to further technical details in each bulletin ID link. We are also releasing Security Advisory (960715) – Update Rollup for ActiveX Kill Bits. A summary of that is further down in the post.
| Bulletin ID | Bulletin Title | Maximum Severity Rating |
Security Impact |
Restart Requirement | Affected Software |
| MS09-002 | Cumulative Security Update for Internet Explorer | Critical |
Remote Code Execution | Requires Restart | Microsoft Windows, Internet Explorer |
| MS09-003 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) | Critical |
Remote Code Execution | May Require Restart | Microsoft Exchange Server |
| MS09-004 | Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) | Important |
Remote Code Execution | May Require Restart | Microsoft SQL Server |
| MS09-005 | Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) | Important |
Remote Code Execution | May Require Restart | Microsoft Office |
Summaries of these bulletins can be found here.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available here.
New Security Advisory
We are also releasing a new set of ActiveX Kill Bits with Security Advisory (960715) - Update Rollup for ActiveX Kill Bits. The update includes kill bits for previously published Microsoft security bulletins:
MS08-070, Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) Details here.
The update also includes kill bits for the following third-party software:
Akamai Download Manager: This security update sets a kill bit for an ActiveX control developed by Akamai Technologies. Akamai Technologies has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Akamai Technologies. This kill bit is being set at the request of the owner of the ActiveX controls.
Research in Motion (RIM) AxLoader: This security update sets a kill bit for an ActiveX control developed by Research In Motion (RIM). RIM has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Research In Motion. This kill bit is being set at the request of the owner of the ActiveX controls.
For more information about installing this update please see:
Microsoft Knowledge Base Article 960715: https://support.microsoft.com/kb/960715
Security Advisory 960715: https://www.microsoft.com/technet/security/advisory/960715.mspx
Please have a look at these updates and see where they apply in your environments.
Technorati Tags: Computer Security,Patching,Updates,Software Updates
Jeffa