Upcoming Patch Tuesday for February 10, 2009

Microsoft Today has released the list of patches for February. Here’s the List of things they will patch:

[ad#ad2-right]

The list of affected operating configurations includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Microsoft Exchange Server 2000, 2003, and 2007, Microsoft SQL Server 2000 and 2005, as well as Visio 2002, 2003, and 2007 are also affected.
[Via Arstechnica]

We got several Non-critical updates.  Here’s the List of them, some of these are monthly updates and some are just interesting to look at:

  • Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)
  • Windows Malicious Software Removal Tool – February 2009 (KB890830)/Windows Malicious Software Removal Tool – February 2009 (KB890830) – Internet Explorer Version
  • Cumulative Update for Media Center for Windows Vista (KB960544)
  • Cumulative Update for Media Center TVPack for Windows Vista (KB958653)
  • Update Rollup for ActiveX Killbits for Windows (KB960715)

We got an Update to Media Center and TVPack for Windows Vista to resolve issues with software.   The ActiveX Killbits issues have been identified in ActiveX controls that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it.  So we don’t exactly know what what issues they are talking about.   I hope this helps your system administrators get ready for this update.  If I were you, I’d having Clone of Autopatcher ready for these updates.  Remember to patch as soon as your company will allow, because waiting to long could make you have even more of an headache.   I’ll update the others as soon as I find out the updates.

The Important Windows patches Released Today

As many of you know we talked about the Non-critical patches that Microsoft will release today.  IF you want to read those please go and check it out.   I’ll be talking about the REALLY important ones that Microsoft has kept tight until now.    These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

[ad#ad2-right]

  • KB955839
  • KB957388
  • KB890830
  • KB905866
  • These are just the tip of the iceberg. although this list are not A lot.  I’d wanted to let people know about what people coin “Exploit Wednesday“.  I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible.  Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates.  I don’t suggest testing it more than a couple days.  Here are some good Virtual Machine software to try out yourself:

    Here is the list of updates that are critical that Microsoft released today.   Each one of these are quite important and should be considered installed when you get a chance.

    [ad#ad2-left]Microsoft Security Bulletin MS08-073 – Critical
    Cumulative Security Update for Internet Explorer (KB958215)

    This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Security Bulletin MS08-071 – Critical
    Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

    This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    [ad#ad2-right]Microsoft Security Bulletin MS08-075 – Critical
    Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

    This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    KB952069
    (not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

    In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

    These are just ones that I found and wanted to let you know, the others have been explained on the other article.  So check them all out and I suggest installing them quickly as possible.