
June 4th, 2009

Patch Tuesday heads-up: Critical Windows, IE fixes coming

Posted by Ryan Naraine @ 10:58 am

Categories: Anti Virus, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Microsoft, Passwords, Patch Watch, Responsible disclosure, Spyware and Adware, Vulnerability research, Windows Vista

Tags: Vulnerability, Patch Management, Microsoft Internet Explorer, Microsoft Corp., Attack, Microsoft Windows, Patches, Operating Systems, Security, Software

Microsoft plans to ship 10 security bulletins next Tuesday (June 9, 2009) with fixes for a wide range of code execution vulnerabilities affecting Windows, Microsoft Office and Internet Explorer. Six of the ten bulletins will be rated “critical,” Microsoft’s highest severity rating.

[ SEE: Dangerous Microsoft DirectX vulnerability under attack ]

This month’s batch of patches will not include a fix for the DirectShow vulnerability that’s currently being used in drive-by download attacks against Windows Media Player.

“You may have noticed that we are not announcing an update for the DirectShow vulnerability addressed in Security Advisory 971778. Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution. We continue to monitor the situation closely and suggest customers follow the guidance provided in the advisory.”

In the absence of that fix, Windows users should immediately consider disabling QuickTime parsing to thwart the ongoing attacks. This KB article provides a fix-it button that automatically enables the workaround.

Microsoft also announced that an Office for Mac fix will be coming this month to address vulnerabilities already fixed in May’s MS09-017. Microsoft originally shipped fixes for Windows users but the Mac patches were not ready in time.

The image above captures the essence of this month’s fixes. Windows users should treat the IE and critical Windows patches with the utmost priority. Businesses considered at high risk of targeted attacks should immediately test and deploy the Microsoft Office patches.

The Windows patches will be available for all versions of the operating system — Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

