18 critical bugs fixed in MS June 09 Security Updates

June 10th, 2009 posted by terje

Today Microsoft issued 10 security updates that patched a record 31 vulnerabilities in Windows, Internet Explorer (IE), Excel, Word, Windows Search and other programs, including 18 bugs marked “critical.”

Of the 10 bulletins, six patched some part of Windows, while three patched an Office application or component, and one fixed a flaw in IE.

Eighteen of the 31 bugs were ranked critical, Microsoft’s most serious ranking in its four-step score, while 11 were tagged as “important,” the next-lowest label, and two were judged “moderate.”

By far the most important of the security flaws is said to be the IE roll-up package MS09-019, which patches eight separate vulnerabilities in Microsoft’s Internet Explorer browser.

Gregg Keizer has interviewed a number of well-known security researchers from companies such as Qualys, nCircle Network Security and Shavlik Technologies.
Eric Schultze, chief technical officer at Shavlik Technologies, recommends getting the IIS and AD patches out first thing too.

“The Internet Information Server (IIS) flaw affects some systems that have enabled WebDAV (Web-based Distributed Authoring and Versioning), a set of extensions to HTTP used to share documents over the Web. Schultze put the spotlight on MS09-020 because Microsoft had publicly acknowledged the bug last month in a security advisory.

 

MS09-018 got his attention because Microsoft pegged the Active Directory flaw as critical, and it could be exploited remotely by simply sending a server a malicious data packet. “Someone could use this to take over Active Directory, and if they do, they’d own all [an organization's] passwords,” Schultze said.”
Read the article

I guess we all better start moving over to the final stages of the “evaluate and plan” phase and get this one out ASAP.

The Internet Storm Center has published this page that shows the individual updates relative to the CVE articles and ratings of importance.

Symantec has published this video on the issues.

Symantec on June 09 MS updates

Here is the official MS bulletin for June 2009:
http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx

I have done some searching for feedback from the first ones to test the updates, without too many hits so far.
Rob from the UK Windows Management User Group has done some testing without incident:
“All went swimmingly well”

Sounds promising.