[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: EnterpriseSecurity

autonotify at bigfix.com autonotify at bigfix.com
Thu Oct 22 02:00:52 PDT 2009 

Fixlet Site - EnterpriseSecurity
Current Version: 1271	Published: Thu, 22 Oct 2009 00:48:30  GMT

New Fixlets:
============

***************************************************************
Title: MS09-054: Cumulative Security Update for Internet Explorer - Windows Internet Explorer 8 - Windows 7
Severity: Critical
Fixlet ID: 905445
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx

Fixlet Description: Microsoft has released a security update that resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS09-054: Cumulative Security Update for Internet Explorer - Windows Internet Explorer 8 - Windows 7 (x64)
Severity: Critical
Fixlet ID: 905447
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx

Fixlet Description: Microsoft has released a security update that resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS09-055: Cumulative Security Update of ActiveX Kill Bits - Windows 7
Severity: N/A
Fixlet ID: 905517
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx

Fixlet Description: Microsoft has released a security update that addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS09-055: Cumulative Security Update of ActiveX Kill Bits - Windows 7 (x64)
Severity: N/A
Fixlet ID: 905519
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx

Fixlet Description: Microsoft has released a security update that addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS09-056: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing - Windows 7
Severity: Important
Fixlet ID: 905619
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx

Fixlet Description: Microsoft has released a security update that resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS09-056: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing - Windows 7 (x64)
Severity: Important
Fixlet ID: 905621
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx

Fixlet Description: Microsoft has released a security update that resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS09-059: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service - Windows 7
Severity: Important
Fixlet ID: 905917
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS09-059: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service - Windows 7 (x64)
Severity: Important
Fixlet ID: 905919
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

[Validate for this update, edit if necessary]Note: Microsoft has announced that this update may be included in a future service pack or update rollup.

More information about the BigFix-Announcements mailing list