Home > Microsoft Security > Microsoft Security Bulletin Ms09 006 Critical

Microsoft Security Bulletin Ms09 006 Critical

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. By searching using the security bulletin number (such as, "MS07-036"), you can add all of the applicable updates to your basket (including different languages for an update), and download to the Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality: Do not open or save Microsoft Office files that you receive from untrusted sources or To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners. Check This Out

To do this, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued. What causes the vulnerability? The Windows kernel-mode drivers do not properly parse font code when building a table of directory entries.

Does the offer to update a non-vulnerable version of software constitute an issue in the Microsoft update mechanism? No, the update mechanism is functioning correctly in that it detects a version of If they are, see your product documentation to complete these steps. For more information about the extended security update support period for these software releases, visit the Microsoft Product Support Services Web site. Restart Options /norestart Does not restart when installation has completed. /forcerestart Restarts the computer after installation and force other applications to close at shutdown without saving open files first. /warnrestart[:x] Presents

Special Options /forceappsclose Forces other programs to close when the computer shuts down. /log:path Allows the redirection of installation log files. File Version Verification Because there are several editions of Microsoft Windows, the following steps may be different on your system. The vulnerability cannot be exploited automatically through e-mail. Exit Registry Editor. 8.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and You may also click on the Details tab and compare information, such as file version and date modified, with the file information tables provided in the bulletin KB article. Removing the Update This security update supports the following setup switches. What should I do? The affected software listed in this bulletin have been tested to determine which releases are affected.

Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }]"Compatibility Flags"=dword:00000400 You can apply this .reg file to individual systems by double-clicking it. System Center Configuration Manager 2007 uses WSUS 3.0 for detection of updates. Click Internet, and then click Custom Level. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. How could an attacker exploit the vulnerability? An attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system.

File Version Verification Because there are several editions of Microsoft Windows, the following steps may be different on your system. his comment is here Security Advisories and Bulletins Security Bulletins 2009 2009 MS09-039 MS09-039 MS09-039 MS09-074 MS09-073 MS09-072 MS09-071 MS09-070 MS09-069 MS09-068 MS09-067 MS09-066 MS09-065 MS09-064 MS09-063 MS09-062 MS09-061 MS09-060 MS09-059 MS09-058 MS09-057 MS09-056 MS09-055 However, best practices strongly discourage allowing this. What systems are primarily at risk from the vulnerability? Workstations and terminal servers are primarily at risk.

Restart Options /norestart Does not restart when installation has completed /forcerestart Restarts the computer after installation and force other applications to close at shutdown without saving open files first. /warnrestart[:x] Presents Removing the Update This security update supports the following setup switches. You can find them most easily by doing a keyword search for "security update." Finally, security updates can be downloaded from the Microsoft Update Catalog. this contact form What does the update do? The security update addresses the vulnerabilities by validating the fields inside the SMB packets.

To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Affected and Non-Affected Software The following software have been tested to determine which versions or editions are affected.

When a user views the Web page, the vulnerability could allow remote code execution.

To continue getting the latest updates for Microsoft Office products, use Microsoft Update. Mitigating Factors for Windows Kernel Handle Validation Vulnerability - CVE-2009-0082 Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of Customers with affected installations of SQL Server that are installed on Windows 2000 operating systems and have the RSClientPrint ActiveX control should apply the update immediately. Click Start, and then click Search.

Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. For more information about ports, see TCP and UDP Port Assignments. http://blackplanetsupport.com/microsoft-security/microsoft-security-bulletin-notification.html An attacker would have no way to force users to visit a specially crafted Web site.

Removing the Update To remove this security update, use the Add or Remove Programs tool in Control Panel. However, the update resolves a problem that can cause programs that use Outlook View Control with Forms 2.0, such as Microsoft Office Outlook with Business Contact Manager, to stop functioning as What does the update do? The update addresses the vulnerability by introducing proper data validations on received packets on the WINS server. Additionally, you may not have the option to uninstall the update from the Add or Remove Programs tool in Control Panel.

This log details the files that are copied. Although this vulnerability is in Microsoft ATL, it is not in the ATL version shipped with Visual Studio. For more information, see the WINS TechNet article. However, best practices strongly discourage allowing this.

Workarounds for Uninitialized Memory Corruption Vulnerability - CVE-2009-1919 Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. See also Downloads for Systems Management Server 2.0. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.

An attacker who successfully exploited this vulnerability could cause the attacker to take complete control of the system. These registry keys may not contain a complete list of installed files. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. Removal Information Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility located in the %Windir%\$NTUninstallKB969883$\Spuninst folder File Information See Microsoft Knowledge Base Article 969883 Registry Key Verification

Core Group Policy tools and settings Note You must restart Internet Explorer for your changes to take effect.