Microsoft Patch Tuesday - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Microsoft Patch Tuesday 2009-04-14

MS90-09
Title	Multiple memory corruption vulnerabilities allow random code execution. Also affect Excel viewer and Mac OS X versions of Microsoft Office.
Replaces	MS80-74
Affected	Excel
KB	KB968557
Known Exploits	Yes
Microsoft Rating	Critical
ISC Client Rating	Patch now
ISC Server Rating	Patch now

CVE	Exploitability
2009-0100	2
2009-0238	1

Top of page

MS90-10
Title	Multiple vulnerabilities allow random code execution
Replaces	MS40-27
Affected	Wordpad & office converters
KB	KB960477
Known Exploits	Yes
Microsoft Rating	Critical
ISC Client Rating	Patch now
ISC Server Rating	Patch now

CVE	Exploitability
2009-0087	2
2009-0088	1
2009-0235	1
2008-4841	1

Top of page

MS90-11
Title	MJPEG (don't confuse with mpeg) input validation error allows random code execution
Replaces	MS80-33
Affected	DirectX
KB	KB961373
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2009-0084	2

Top of page

MS90-12
Title	Multiple vulnerabilities allow privilege escalation and random code execution. Affects servers with IIS and SQLserver installed and more.
Replaces	MS70-22, MS80-02, MS80-64
Affected	Windows
KB	KB959454
Known Exploits	Yes
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2009-0078	1
2009-0079	1
2009-0080	1
2008-1436	1

Top of page

MS90-13
Title	Multiple vulnerabilities allow random code execution, spoofing of https certificates and NTLM credential reflection. Related to MS09-014 (below).
Replaces
Affected	HTTP services
KB	KB960803
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2009-0086	1
2009-0089	1
2009-0550	1

Top of page

MS90-14
Title	Cumulative MSIE patch.
Replaces	MS80-73, MS80-78, MS90-02, MS90-13
Affected	IE
KB	KB963027
Known Exploits	Yes
Microsoft Rating	Critical
ISC Client Rating	Patch now
ISC Server Rating	Patch now

CVE	Exploitability
2009-0550	1
2009-0551	2
2009-0552	3
2009-0553	3
2009-0554	1
2008-2540	3

Top of page

MS90-15
Title	Update to make the system search for libraries first in the system directory by default and an API to change the order.
Replaces	MS70-35, MS90-14
Affected	SearchPath
KB	KB959426
Known Exploits	No
Microsoft Rating	Moderate
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2008-2540	2

Top of page

MS90-16
Title	Multiple input validation vulnerabilities allow a DoS and XSS.
Replaces
Affected	ISA server
KB	KB961759
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	N/A
ISC Server Rating	N/A

CVE	Exploitability
2009-0077	3
2009-0237	3

Top of page

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.