Skip Links

Network World

Julie Bort

Microsoft Patch Tuesday: 31 fixes, 18 critical and a new record

By Microsoft Subnet on Wed, 06/10/09 - 11:44am.
Newsletter Signup

Microsoft set a record on Tuesday for the number of patches included in this month's Patch Tuesday. 10 updates fix 31 vulnerabilities in Windows, Internet Explorer (IE), Excel, Word, Windows Search and other programs, including 18 bugs marked "critical." Six of the patches fix some part of Windows, three are aimed at Office and one at IE. 11 patches were tagged as "important," and two were judged "moderate."

Shavlik Technologies' CTO Eric Schultze recommends installing  the following patches first:
 - IIS patch (for webdav 0-day)
 - IE8 patch (for IE8 0-day)
 - Active Directory patch for Windows 2000

Shavlik makes patch management software.

For more details about this month's Patch Tuesday, check out: Microsoft sets record with huge Windows, IE, Office update

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

IE plummets in European marketshare
Microsoft offers patch to remove sneaky .Net Firefox add-on
WS2008 R2 to be available Oct. 22, too
EU may require Microsoft to include more browsers with Windows
XP users: more incentive to move to Linux than W7, some say
Badda-Bing: Apple's Woz loves Microsoft's new search engine, Bing
June giveaways: Microsoft books and training up for grabs
12 killer freebie SharePoint add-ons

Follow Microsoft Subnet on Twitter

More from Shavlik's Eric Schultze on the giant Patch Tuesday

0

Here is a statement from Eric Schultze sent to Microsoft Subnet via e-mail:

"Microsoft released 10 security bulletins today. 6 of the bulletins impact the Operating System, 1 for Internet Explorer, and three for Office (Word, Excel, Works).

"Interesting notes for today:
1. Microsoft has patched the IIS WebDav 0-day. This flaw enables information disclosure but does not directly allow code execution. Some of the information that could be obtained via information disclosure could lead to code execution via other applications on the system (SQL usernames and passwords, etc), depending upon how the system was configured. Users should patch their IIS webservers soon with this patch.

"2. Microsoft has patched the IE8 0-day that was identified at the CanSecWest conference. This flaw enables code execution against Windows XP systems running IE8. Get XP IE8 systems patched right away.

"3. Microsoft has NOT released a patch for the DirectShow QuickTime parsing 0-day vulnerability. We expect we'll see a patch for this next month. In the meantime, Microsoft has published a one-click workaround for this issue. Goto http://support.microsoft.com/kb/971778 and click the "Fix It" button. The workaround cures the vulnerability and still enables QuickTime and DirectShow applications to function. Customers who have tested the workaround say that they've suffered no negative consequences from applying the workaround. The above referenced KB article also includes information on how enterprises can push out this fix using Group Policy.

"4. Microsoft has released a Mac patch for PowerPoint for the MS09-017 vulnerability. This issue was patched in May for Windows systems - Microsoft didn't have the Mac patch available at that time. It's now available and should be installed on PowerPoint for the Mac systems.

"5. Microsoft has released a non-security update (KB971888) to more fully address wpad configuration concerns. This update limits devolution to 2 levels and should mitigate concerns that some customers voiced about the previously released wpad security patch.

"Shavlik recommends installing the following patches first:
- IIS patch (for webdav 0-day)
- IE8 patch (for IE8 0-day)
- Active Directory patch for Windows 2000."

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Microsoft Subnet Blog

The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, and is written by Online Community editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.

(OS community)
RSS feed (Microsoft RSS feed)

Blog Roll
Microsoft Subnet Home Page
http://www.networkworld.com/subnets/microsoft/
All Microsoft Subnet bloggers
http://www.networkworld.com/community/blogs/microsoft/feed
ActiveWin
http://www.activewin.com
Blake Handler The Road to Know Where
http://bhandler.spaces.live.com/
Dmitry's PowerBlog
http://dmitrysotnikov.wordpress.com/
Doug Brown,DABCC
http://www.dabcc.com
Ed Bott's Windows Expertise
http://www.edbott.com/weblog/
Joseph Tartakoff Microsoft Blog
http://blog.seattlepi.nwsource.com/microsoft/
Long Zheng istartedsomething
http://www.istartedsomething.com/
Mini-Microsoft
http://minimsft.blogspot.com/
Paul Thurrott's Supersite for Windows
http://www.winsupersite.com
Robert McLaws WindowsNow
http://www.windows-now.com
Scobleizer
http://scobleizer.com/
Techmeme
http://www.techmeme.com/
Todd Bishop's Microsoft Blog
http://www.techflash.com/Microsoft