September 2009 Security Patches

section: microsoft, for your questions: KezNews forum, 9.9.2009

Tip: Click here to update all your PC's outdated drivers

This month MS released five critical bulletins to address vulnerabilities in Windows and protect customers from two types of threats.

1. Browser based attacks where websites hosting malicious code attempt to compromise visitors. This includes MS09-045, MS09-046 and MS09-047.

2. Network based scenarios where attackers attempt Remote Code Execution (RCE) or Denial-of-Service (DoS) type attacks. This includes MS09-048 and MS09-049.

For this set of bulletins, we consider the first category to be the biggest threat to customers overall as reflected in our Severity and Exploitability Index slide where we present a high level, aggregate view of each bulletin:

http://blogs.technet.com/photos/msrcteam/images/3279846/original.aspx

We also refer to the slide above as our risk and impact assessment. The risk of exploitation combined with the impact of the vulnerability should help customers prioritize these bulletins for deployment. To provide further guidance in this area, this month we are providing a new deployment prioritization assessment. As noted on the slide below, there are several factors that we used to determine the priority. However, there are many other potential variables that may be unique to your environment so we recommend each customer perform their own assessment and install all security updates as soon as possible.

As you can see, we give MS09-045 and MS09-047 the highest deployment priority mainly due to these being browse and own attack scenarios and a high exploitability index rating. Exploits for MS09-047 can also be created through specially crafted files such as ASF and MP3 audio files. These files could then be sent via email.

Continue September 2009 Security Bulletin Release

source: bink.nu
>> Click Here to Run a Free Scan for PC Errors <<

send email