June 2009 Microsoft And Adobe Security Updates

[Peaches]

June 2009 Microsoft and Adobe Security Updates

11:48 pm (UTC-7) | by Det Caraig (Technical Communications)

"Microsoft released ten security advisories yesterday to address at least 31 vulnerability issues in its various Windows operating system (OS) versions and other software. This broke the company’s December 2008 record of releasing patches for 28 vulnerabilities. Six of the said vulnerabilities were categorized as critical, three were important, and one was moderate. This means that attackers can exploit these flaws to remotely execute malicious codes in vulnerable systems.

The following list summarizes the above-mentioned vulnerabilities Microsoft OS and software users should patch:

(MS09-018) Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

(MS09-019) Cumulative Security Update for Internet Explorer (969897)

(MS09-020) Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

(MS09-021) Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)

(MS09-022) Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)

(MS09-023) Vulnerability in Windows Search Could Allow Information Disclosure (963093)

(MS09-024) Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)

(MS09-025) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)

(MS09-026) Vulnerability in RPC Could Allow Elevation of Privilege (970238)

(MS09-027) (MS09-027) Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

The most noteworthy of the above-mentioned vulnerabilities is a flaw in Internet Explorer (IE), particularly in version 8, which was first exploited in a hacking competition held earlier in March. Microsoft also released an update that repairs at least seven bugs in Office Excel. It also shipped a single patch to fix around 16 security issues in various versions of PowerPoint.

Adobe also released its first-ever quarterly patch for its Reader and Acrobat product lines the same day Microsoft did. Adobe categorized its release as critical and recommends that users apply the update for their product installations. The updated patched up holes which could cause the applications to crash and potentially allow an attacker to take control of an affected system.

To avoid becoming the victims of these vulnerabilities, users are advised to download the latest security updates from the Microsoft and Adobe websites using the links in this blog entry."

TrendMicro - http://blog.trendmicro.com/

[Peaches]

10 June 2009, 12:13

Patch day for Adobe

"As planned and in parallel with Microsoft's patch day, Adobe has issued security updates to eliminate the 13 publicly known vulnerabilities in past and present versions of Adobe Reader and Adobe Acrobat. The updates also eliminate several vulnerabilities that were discovered during internal audits, but no further information is given about these. Adobe describes many of the vulnerabilities as critical, because they allow crafted PDF documents to inject malicious code into a system and run it. Most of the bugs again affect the JBIG2 filter.

Anti-virus software producers now report that targeted attacks on vulnerabilities in PDF applications have left those aimed at Word and Excel far behind. That fact makes it all the more important to install the updates as soon as possible. However, the updates to version 9.1.2 (and to 8.1.6 and 7.1.3 for the older products) are initially only available for Windows and Mac. Those for Unix platforms are not due to be released until 16 June."

Heise security - http://www.h-online.com/security/Patch-day...e--/news/113494

[Peaches]

10 June 2009, 14:37

Microsoft issues security updates for Office 2004 and 2008 for Mac

"Microsoft has released updates for its Office 2004 and 2008 suites for Macintosh that patch several critical security vulnerabilities. The updates patch a critical vulnerability in Word that could be used by an attacker to execute arbitrary code on a victims system. For an attack to be successful, a victim must first open a specially crafted malicious Word file.

Microsoft also released an update for the Open XML File Formate Converter for Mac. Version 1.0.3 addresses several vulnerabilities that could be used by an attacker to execute malicious code. Microsoft advises all users to apply the updates as soon as possible.

The security advisories from Microsoft, however, make no official mention of the promised updates to PowerPoint to correct the previously reported critical vulnerabilities."

More at Heise security - http://www.h-online.com/security/Microsoft...c--/news/113498

[Peaches]

10 June 2009, 11:23

Microsoft fixes 28 vulnerabilities in its products

"Microsoft have released ten patches to fix a total of 28 security vulnerabilities. Microsoft regards many of the vulnerabilities as critical, because they enable malicious code to be injected and executed. The most dramatic affects Internet Explorer in particular: just one cumulative update alone closes eight vulnerabilities in versions 5.01 to 8, six of which can cause infection of the system if a crafted web site is visited

The success of an attack however also depends on the operating system being used. Under Windows Server 2003 and 2008, Internet Explorer runs in a special "restricted mode" that makes attacks difficult. Microsoft moreover considers it likely that only one of the eight bugs will spawn a functioning exploit."

More at Heise security - http://www.h-online.com/security/Microsoft...s--/news/113491

[Peaches]

~ topic bumped up ~

[sultan_emerr]

Thanks