Hi, Bill here,
The March 2009 release contains 3 new bulletins, 1 of which has a maximum severity of “Critical”.
- MS09-006 – Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
- MS09-007 – Vulnerability in SChannel Could Allow Spoofing (960225)
- MS09-008 – Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
We also revised bulletin MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), to note a revision to some of the packages associated with this bulletin (specifically 938464). Please see the bulletin revision notes for more information. You can find more information about all of the bulletins at the Microsoft’s Security Update Archive, as well as an Exploitability Index rating for each. Also, Microsoft recommends that all customers sign up for Microsoft Update (MU) and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure. Customers can sign up for MU by following the steps at http://update.microsoft.com/microsoftupdate.
Additionally, Microsoft plans to offer two new features this month to help supplement the March bulletin release. One will be a video featuring Christopher Budd and Adrian Stone that will review information about each bulletin to further aid in planning and deployment. More information about this video can be found at blogs.technet.com/msrc. In addition, Microsoft’s Security Research & Defense blog will be updated to provide IT pros with additional information about mitigations, workarounds and root causes of vulnerabilities addressed in this month’s bulletin release. Please note that the Security Research & Defense blog has a new URL: http://blogs.technet.com/srd/.
As always, we encourage you to join us for the regular monthly security bulletin webcast, Wednesday March 11, 11:00 AM Pacific Daylight Time (GMT -7). We’ll have an overview of the March bulletins, and you’ll have the opportunity to ask us questions around the release.
*This posting is provided “AS IS” with no warranties, and confers no rights.*