Microsoft released 8 security bulletins on Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities.
We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security.
It is not an overstatement to say; an unpatched Windows system is an invitation to disaster.
If you have updates enabled, patches will be downloaded routinely. Careful users will verify that patches, have, in fact, been applied.
If Windows Automatic Update is not enabled on your system, then you should logon to the MS update site and download and apply these patches immediately.
Vulnerability issues and the corresponding patches:
MS09-010/KB923561 – Important (XP, 2000, 2003): There are four bugs (two previously disclosed publically, two previously undisclosed) that affect a variety of word processing documents, that can allow remote code execution exploits to occur.
MS09-011/KB961373 – Critical (XP, 2000, 2003): This patch closes a hole that let attackers execute a remote code execution attack through MJPEG files; the bug is in DirectX 8.1 and 9.0x.
MS09-012/KB952004/KB956572 – Important (XP, Vista, 2000, 2003, 2008): This patch resolves four holes in Windows that have already been publically disclosed. The hole allows an attacker who is already logged onto the system to escalate their privileges and take full control of the system.
MS09-013/KB960803 – Critical (XP, Vista, 2000, 2003, 2008): This patch addresses three bugs in the Windows HTTP Services system; one of them allows remote code execution which allows an attacker to completely own a system. This is a “must patch” item for all Windows systems.
MS09-014/KB963027 – Critical (XP, Vista, 2000)/Important (2000, 2003): This is a cumulative security update for Internet Explorer 5, 6, and 7. Some of the fixes address already public bugs, some deal with privately disclosed exploits. You should install this patch immediately. Users with IE8 do not need this patch.
MS09-015/KB959426 – Moderate (XP, Vista, 2003, 2008)/Low (2000): This patch takes care of a problem with the Windows Search Path function that could enable an escalation of privileges.
My computer refuses to allow windows updates. It keeps doing the same upload every time I turn off my computer. When I turn it back on, there’s the message saying I need to download it again.
Hello Donna,
Sorry it took some extra time to get back to you. In any event, try the
following which should cure the problem.
First, checkout the solution offered by Microsoft at
http://support.microsoft.com/kb/943144
As well, there is a free program called “Dial-a-Fix”, which should also cure
this problem. Download, install and then reboot into safe mode (hit the F-8
key at system startup), then launch the application. Follow the instructions
carefully. You can download this free application at
Softpedia,
a safe download site.
Please let me know if this helps.
Regards,
Bill
Bill,
Thank you for the “heads up” on this… Just one of the reasons I visit your weblog.
Rick
Thanks for that Rick.
Bill
Since I’ve installed these patches my system has been running VERY slow. I did a restore before the patch and the system ran fine. I then downloaded the patches again, thinking maybe I didn’t get a good download (corrupted). System ran fine for a bit, and then started to show the same signs of slow down. Is there a problem with this patch? Thanks,
Josh
after these April patches my computer has been freezing up a lot. I did a system restore too and it was working just fine till i updated again(my dorm block access to internet if we do not have all updates)
are there any bugs with these new patches and which one is it?
B.Z.