Windows Patch Tuesday – April 2009

Microsoft released 8 security bulletins on Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities.

windows_generic_v_web We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security.

It is not an overstatement to say; an unpatched Windows system is an invitation to disaster.

If you have updates enabled, patches will be downloaded routinely. Careful users will verify that patches, have, in fact, been applied.

If Windows Automatic Update is not enabled on your system, then you should logon to the MS update site and download and apply these patches immediately.

Vulnerability issues and the corresponding patches:

MS09-010/KB923561 – Important (XP, 2000, 2003): There are four bugs (two previously disclosed publically, two previously undisclosed) that affect a variety of word processing documents, that can allow remote code execution exploits to occur.

MS09-011/KB961373 – Critical (XP, 2000, 2003): This patch closes a hole that let attackers execute a remote code execution attack through MJPEG files; the bug is in DirectX 8.1 and 9.0x.

MS09-012/KB952004/KB956572 – Important (XP, Vista, 2000, 2003, 2008): This patch resolves four holes in Windows that have already been publically disclosed. The hole allows an attacker who is already logged onto the system to escalate their privileges and take full control of the system.

MS09-013/KB960803 – Critical (XP, Vista, 2000, 2003, 2008): This patch addresses three bugs in the Windows HTTP Services system; one of them allows remote code execution which allows an attacker to completely own a system. This is a “must patch” item for all Windows systems.

MS09-014/KB963027 – Critical (XP, Vista, 2000)/Important (2000, 2003): This is a cumulative security update for Internet Explorer 5, 6, and 7. Some of the fixes address already public bugs, some deal with privately disclosed exploits. You should install this patch immediately. Users with IE8 do not need this patch.

MS09-015/KB959426 – Moderate (XP, Vista, 2003, 2008)/Low (2000): This patch takes care of a problem with the Windows Search Path function that could enable an escalation of privileges.


Filed under Application Vulnerabilities, Don't Get Hacked, Malware Advisories, Microsoft Patch Tuesday, Spyware - Adware Protection, Windows Tips and Tools

6 responses to “Windows Patch Tuesday – April 2009

  1. My computer refuses to allow windows updates. It keeps doing the same upload every time I turn off my computer. When I turn it back on, there’s the message saying I need to download it again.

    • Bill Mullins

      Hello Donna,

      Sorry it took some extra time to get back to you. In any event, try the
      following which should cure the problem.

      First, checkout the solution offered by Microsoft at

      As well, there is a free program called “Dial-a-Fix”, which should also cure
      this problem. Download, install and then reboot into safe mode (hit the F-8
      key at system startup), then launch the application. Follow the instructions
      carefully. You can download this free application at
      a safe download site.

      Please let me know if this helps.



  2. whatsonmypc


    Thank you for the “heads up” on this… Just one of the reasons I visit your weblog.


  3. Josh Richmond

    Since I’ve installed these patches my system has been running VERY slow. I did a restore before the patch and the system ran fine. I then downloaded the patches again, thinking maybe I didn’t get a good download (corrupted). System ran fine for a bit, and then started to show the same signs of slow down. Is there a problem with this patch? Thanks,


  4. Bz

    after these April patches my computer has been freezing up a lot. I did a system restore too and it was working just fine till i updated again(my dorm block access to internet if we do not have all updates)
    are there any bugs with these new patches and which one is it?