Deji Akomolafe

Microsoft Security Bulletins

MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (March 10, 2010): Corrected the severity table to list Microsoft Office Excel 2003 as affected by CVE-2010-0262. Corrected the package file name for Excel 2007. Also corrected the list of affected software in the Executive Summary. These are informational changes only. Customers who have successfully updated their systems do not need to take further action. Summary: This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Revision Note: V1.1 (March 10, 2010): Restated the mitigation concerning the e-mail vector. Added a new workaround for disabling the peer factory class in iepeers.dll. Summary: Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Microsoft Security Bulletin Summary for March 2010
Revision Note: V1.0 (March 9, 2010): Bulletin Summary published. Summary: This bulletin summary lists security bulletins released for March 2010.

MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (March 9, 2010): Bulletin published. Summary: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin Summary for July 2009
Revision Note: V8.0 (March 9, 2010): Revised to add Microsoft Virtual Server 2005 to affected software for MS09-033. Summary: This bulletin summary lists security bulletins released for July 2009.

MS09-033 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) - Version:2.0
Severity Rating: Important - Revision Note: V2.0 (March 9, 2010): Rereleased this bulletin to add Microsoft Virtual Server 2005 to affected software. No other update packages are affected by this rerelease. Summary: This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Advisory (973811): Extended Protection for Authentication
Revision Note: V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917. Summary: Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) - Version:1.2
Severity Rating: Important - Revision Note: V1.2 (March 2, 2010): Added an item to the Frequently Asked Questions (FAQ) About this Security Update to announce the offering of revised packages on Windows Update. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.

Microsoft Security Advisory (981169): Vulnerability in VBScript Could Allow Remote Code Execution
Revision Note: V1.0 (March 1, 2010): Advisory published. Summary: Microsoft is investigating new public reports of a possible vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) - Version:1.5
Severity Rating: Critical - Revision Note: V1.5 (February 17, 2010): Corrected the MBSA detection entries for Microsoft Office Outlook 2007 and Microsoft Office Visio Viewer 2007. This is an information change only. There were no changes to the security update files or detection logic. Summary: This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-036 – Important: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (February 17, 2010): Added a link to Microsoft Knowledge Base Article 950762 under Known Issues in the Executive Summary. Summary: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.

Microsoft Security Bulletin Summary for February 2010
Revision Note: V1.1 (February 10, 2010): Corrected restart requirements for MS10-005. Summary: This bulletin summary lists security bulletins released for February 2010.

MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (February 10, 2010): Corrected the bulletin replacement for the Quartz (KB975560) update package. Corrected the restart requirements for the update on all platforms except Microsoft Windows 2000 and Windows Server 2008. Changed the Systems Management Server table entries for SMS 2003 with ITMU for Windows 7 and Windows Server 2008 R2. Finally, corrected the verification registry key for all supported x64-based editions of Windows XP. These are informational changes only. There were no changes to the security update files or detection logic. Summary: This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-012 - Important: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (February 10, 2010): Corrected the FAQ for SMB Null Pointer Vulnerability - CVE-2010-0022 to reflect that the vulnerability was responsibly disclosed. Changed the Systems Management Server table entries for SMS 2003 with ITMU for Windows 7 and Windows Server 2008 R2. Corrected the verification registry key for all supported x64-based editions of Windows XP. These are informational changes only. There were no changes to the security update files or detection logic. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

MS10-011 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (February 10, 2010): Corrected the verification registry key for all supported x64-based editions of Windows XP. This is an informational change only. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

MS10-010 - Important: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (February 10, 2010): Changed the Systems Management Server table entry for SMS 2003 with ITMU for Windows Server 2008 R2. This is an informational change only. There were no changes to the security update files or detection logic. Summary: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

MS10-009 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (February 10, 2010): Corrected the command-line information for the Disable the "Core Networking - Router Advertisement (ICMPv6-In)" inbound firewall rule workaround. This is an informational change only. Summary: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.

MS10-008 - Critical: Cumulative Security Update of ActiveX Kill Bits (978262) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (February 10, 2010): Added the "Is this control installed by default in Microsoft Office?" entry to the vulnerability FAQ for CVE-2010-0252. Changed entries in the Systems Management Server table for SMS 2003 with ITMU for Windows 7 and Windows Server 2008 R2. These are informational changes only. Summary: This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.

MS10-006 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (February 10, 2010): Changed entries in the Systems Management Server table for SMS 2003 with ITMU for Windows 7 and Windows Server 2008 R2. This is an informational change only. There were no changes to the security update files or detection logic. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.

MS10-005 - Moderate: Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) - Version:1.1
Severity Rating: Moderate - Revision Note: V1.1 (February 10, 2010): Corrected Security Update Deployment subsections to indicate that in some cases, the update does not require a restart. Corrected the verification registry key for all supported x64-based editions of Windows XP. These are informational changes only. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-003 - Important: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (February 10, 2010): Added a link to Microsoft Knowledge Base Article 978214 under Known Issues in the Executive Summary. Summary: This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-002 - Critical: Cumulative Security Update for Internet Explorer (978207) - Version:1.3
Severity Rating: Critical - Revision Note: V1.3 (February 10, 2010): Corrected the severity ratings for Internet Explorer 5.01 Service Pack 4 when installed on Microsoft Windows 2000 Service Pack 4 and Internet Explorer 6 for Windows XP Service Pack 2 for CVE-2010-0027. Summary: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure
Revision Note: V1.1 (February 10, 2010): Specified the mitigation offered by Protected Mode. Also clarified an FAQ and workaround pertaining to Protected Mode. Summary: Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (February 9, 2010): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.

MS10-007 - Critical: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (February 9, 2010): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.

MS10-004 - Important: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (February 9, 2010): Bulletin published. Summary: This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Revision Note: V2.0 (February 9, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-015 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-015. The vulnerability addressed is the Windows Kernel Exception Handler Vulnerability - CVE-2010-0232.

Microsoft Security Advisory (977377): Vulnerability in TLS/SSL Could Allow Spoofing
Revision Note: V1.0 (February 9, 2010): Advisory published. Summary: Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.

MS09-073 - Important: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) - Version:2.1
Severity Rating: Important - Revision Note: V2.1 (January 27, 2010): Corrected erroneous entries in the Executive Summary, Update FAQ, and Vulnerability FAQ to clarify that the Microsoft Office XP Service Pack 3 (KB975008) and Microsoft Office 2003 Service Pack 3 (KB975051) update packages do not apply to Microsoft Office Word but only to text converters used by other Microsoft Office applications in order to read Word files. This is an informational change only. Summary: This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

Microsoft Security Bulletin Summary for January 2010
Revision Note: V2.0 (January 21, 2010): Added Microsoft Security Bulletin MS10-002, Cumulative Update for Internet Explorer (978207). Also added the bulletin webcast link for this out-of-band security bulletin. Summary: This bulletin summary lists security bulletins released for January 2010.

Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Revision Note: V2.0 (January 21, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into the public reports of this vulnerability. We have issued MS10-002 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-002. The vulnerability addressed is the HTML Object Memory Corruption Vulnerability - CVE-2010-0249.

Microsoft Security Bulletin Summary for December 2009
Revision Note: V2.0 (January 13, 2010): For MS09-073, renamed the update packages formerly listed as Microsoft Office Word 2002 Service Pack 3 (KB975008) and Microsoft Office Word 2003 Service Pack 3 (KB975051) to Microsoft Office XP Service Pack 3 (KB975008) and Microsoft Office 2003 Service Pack 3 (KB975051), respectively. Summary: This bulletin summary lists security bulletins released for December 2009.

MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (January 12, 2010): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin Summary for October 2009
Revision Note: V4.1 (January 12, 2010): Removed Microsoft Expression Web, Microsoft Expression Web 2, Microsoft Office Groove 2007, and Microsoft Office Groove 2007 Service Pack 1 as affected software for MS09-062. Summary: This bulletin summary lists security bulletins released for October 2009.

MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) - Version:2.2
Severity Rating: Critical - Revision Note: V2.2 (January 12, 2010): Corrected references to various Microsoft Office software. See the entry to the Frequently Asked Questions (FAQ) Related to This Security Update section that explains this revision. Customers who have successfully installed this update do not need to reinstall. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-052 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) - Version:1.2
Severity Rating: Critical - Revision Note: V1.2 (January 12, 2010): Corrected registry keys for Windows Media Player 6.4 on Microsoft Windows 2000 Service Pack 4. This is an informational update only. Summary: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) - Version:3.0
Severity Rating: Moderate - Revision Note: V3.0 (January 12, 2010): Rereleased this bulletin to add Windows Embedded CE 6.0 to affected software. The new update for Windows Embedded CE 6.0 (KB974616) is available from the Microsoft Download Center only. Customers using the Windows Embedded CE 6.0 platform should consider applying the update. No other update packages are affected by this rerelease. Summary: This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin.

MS08-013 – Critical: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) - Version:1.4
Severity Rating: Critical - Revision Note: V1.4 (January 12, 2010): Bulletin updated: Corrected the bulletin replaced information for Microsoft Office 2003 Service Pack 2. Summary: This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
Revision Note: V1.0 (January 12, 2010): Advisory published. Summary: Security Advisory

MS09-058 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (December 21, 2009): Added a link to Microsoft Knowledge Base Article 971486 under Known Issues in the Executive Summary. Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

MS09-037 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) - Version:2.1
Severity Rating: Critical - Revision Note: V2.1 (December 16, 2009): Added a link to Microsoft Knowledge Base Article 973908 under Known Issues in the Executive Summary. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-072 - Critical: Cumulative Security Update for Internet Explorer (976325) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (December 9, 2009): Corrected a reference to Microsoft Knowledge Base Article 976749 in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Also corrected, in the Security Update Deployment section, the registry key for verification of the update for Internet Explorer 7 for all supported x64-based editions of Windows XP. Summary: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section.

MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (December 9, 2009): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision. This is an informational change only. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.

MS09-070 - Important: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (December 9, 2009): Corrected the SMS 2.0 and SMS 2003 with SUIT entries for Windows Server 2003 x64 Edition Service Pack 2 in the SMS table. This is an informational change only. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.

MS08-037 – Important: Vulnerabilities in DNS Could Allow Spoofing (953230) - Version:3.1
Severity Rating: Important - Revision Note: V3.1 (December 9, 2009): Corrected the registry key verification and removal information in the reference table for the DNS client on Microsoft Windows 2000 Service Pack 4 (KB951748). This is an informational change only. Summary: This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network

MS09-074 - Critical: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (December 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-069 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) - Version:1.0
Severity Rating: Important - Revision Note: V1.0 (December 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.

Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Revision Note: V2.0 (December 8, 2009): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bulletin MS09-072 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-072. The vulnerability addressed is the HTML Object Memory Corruption Vulnerability - CVE-2009-3672.

Microsoft Security Advisory (974926): Credential Relaying Attacks on Integrated Windows Authentication
Revision Note: V1.0 (December 8, 2009): Advisory published. Summary: This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect against these attacks.

Microsoft Security Advisory (954157): Security Enhancements for the Indeo Codec
Revision Note: V1.0 (December 8, 2009): Advisory published. Summary: Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.


News.com News Feed

Springpad bookmarks the world
Neat little clipping and saving service works on Web and iPhone.

LimeWire enlists AVG for user protection
Notorious as a malware ghetto, LimeWire takes its first steps to integrate authoritative threat protection by signing on AVG to provide premium users with download scanning and blocking.

Windows Phone 7 won't kill Zune HD
But Microsoft is telling game developers to concentrate on the phones.

Sony unveils Move--its PS3 motion controller
The PlayStation maker gives those gathered at a press conference during the Game Developers Conference a sneak peek at its motion-sensitive controller.

GDC 2010: Scaling the summits of gameplay
Roundup: This week's Game Developers Conference brings together designers, programmers, publishers, and others for the latest from the world of video play.

Net oversight board to consider .xxx domains
ICM Registry is again urging ICANN to allow adult sites to add .xxx to their names, creating what some have called a red-light district in cyberspace.

Next Conversation: FCC Chairman Julius Genachowski
In our next interview for CNET Conversations, we'll ask FCC Chairman Julius Genachowski about everything from free broadband to exclusive wireless agreements to the NBC-Comcast deal. What's your question?

CNET News Daily Podcast: Google-China resolve 'soon,' your jetpack awaits
Google CEO expects a resolution on censorship in China soon, WhitePages.com drops its malware-tainted ad network, and a real-life jetpack for commuters.

GDC talk: Legal pitfalls for iPhone app developers
Despite the easy-peasy development nature of the iPhone, there are some big legal strings attached to getting an app out into the wild, especially for those trying to take their app out of the U.S.

European Parliament slams digital copyright treaty
Secret negotiations over a once-obscure draft treaty called the Anti-Counterfeiting Trade Agreement prompted an unusual rebuke from the European Parliament.

FTC wants more input on Google-AdMob deal
The FTC is asking Google competitors to weigh in on its proposed $750 million acquisition of mobile advertising company AdMob, according to a report.

Cooking up Google Apps at campfire event (photos)
At campfire-themed developer meet-up, Google introduces its Google App Marketplace, where users can buy third-party applications to run atop the Google Apps suite.

Woman, fearing apocalypse, tries to halt collider
A woman appeals to the highest court in Germany to get the Large Hadron Collider stopped. The court decides she has no proof of any impending doom.

Attention shoppers: Target offers mobile coupons
Target claims it's the first major retail chain to launch mobile coupons nationwide for eager bargain hunters.

Microsoft Outlook makes friends with MySpace
The software maker says it is ready with a version of its Outlook Social Connector that links the e-mail program with the youth-oriented social network.

Firm: Toyota, industry need more rigorous testing
Latest problems linked to Toyota show the auto industry needs to fix the way it tests software, says company that specializes in software integrity.

Apple tops Consumer Reports' tech support survey
Apple hit a home run in Consumer Reports' recent tech support survey, taking the top spot in laptops and desktops.

Twitter to block malicious links
Links in direct messages on Twitter and e-mail notifications about direct messages will be filtered in an attempt to stop phishing attacks.

Europeans rally behind the 'NoMix-tech' toilet
New, eco-friendly toilet could substantially reduce pollution and conserve water and nutrients--and it's getting rave reviews so far, scientists in Switzerland say.

In geolocation wars, SXSWi is mere skirmish
The rivalry between Gowalla and Foursquare might seem to define the nascent geolocation market. Hold your horses: Let's see what Facebook is cooking up.



Windows IT Pro