Microsoft Security Bulletin Summary for April 2009

Microsoft Security Bulletin Summary for April 2009
Published: April 14, 2009

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/...n/ms09-apr.mspx

Critical
Microsoft Security Bulletin MS09-010 - Critical
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
http://www.microsoft.com/technet/security/...n/MS09-010.mspx


Microsoft Security Bulletin MS09-013 - Critical
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
http://www.microsoft.com/technet/security/...n/MS09-013.mspx


Microsoft Security Bulletin MS09-011 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
http://www.microsoft.com/technet/security/...n/ms09-011.mspx


Microsoft Security Bulletin MS09-014 - Critical
Cumulative Security Update for Internet Explorer (963027)
http://www.microsoft.com/technet/security/...n/MS09-014.mspx


Microsoft Security Bulletin MS09-009 - Critical
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
http://www.microsoft.com/technet/security/...n/MS09-009.mspx



Important
Microsoft Security Bulletin MS09-012 - Important
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
http://www.microsoft.com/technet/security/...n/ms09-012.mspx


Microsoft Security Bulletin MS09-016 - Important
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
http://www.microsoft.com/technet/security/...n/MS09-016.mspx


Moderate
Microsoft Security Bulletin MS09-015 – Moderate
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
http://www.microsoft.com/technet/security/...n/MS09-015.mspx



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

*Microsoft Security Bulletin Minor Revisions - Apr. 29, 2009


MS09-012 - Important

http://www.microsoft.com/technet/security/...n/ms09-012.mspx

- Reason for Revision: V2.0 (April 29, 2009): Added an entry to the
section, Frequently Asked Questions (FAQ) Related to This
Security Update to communicate the rerelease of the
Norwegian-language update for Microsoft Windows 2000 Service
Pack 4 (KB952004). Customers who require the
Norwegian-language update need to download and install the
rereleased update. No other updates or locales are affected
by this rerelease.
- Originally posted: April 14, 2009
- Updated: April 29, 2009
- Bulletin Severity Rating: Important
- Version: 2.0

* MS08-076 - Important

http://www.microsoft.com/technet/security/...n/ms08-076.mspx
- Reason for Revision: V4.0 (April 29, 2009): Added Windows Media
Services 2008 (KB952068) on 32-bit and x64-based editions of
Windows Server 2008 Service Pack 2 as affected software.
Also, added Windows Server 2008 for Itanium-based Systems
Service Pack 2 as non-affected software. This is a detection
change only; there were no changes to the binaries. Customers
who have already successfully installed KB952068 do not need
to reinstall.
- Originally posted: December 9, 2008
- Updated: April 29, 2009
- Bulletin Severity Rating: Important
- Version: 4.0

* MS08-069 - Critical

http://www.microsoft.com/technet/security/...n/ms08-069.mspx
- Reason for Revision: V2.0 (April 29, 2009): Added Microsoft XML
Core Services 4.0 (KB954430) on 32-bit and x64-based editions
of Windows Vista Service Pack 2 and on 32-bit, x64-based, and
Itanium-based editions of Windows Server 2008 Service Pack 2
as affected software. Also added as non-affected software:
Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0 on 32-bit and x64-based editions of Windows
Vista Service Pack 2 and on 32-bit, x64-based, and
Itanium-based editions of Windows Server 2008 Service Pack 2.
This is a detection change only; there were no changes to the
binaries. Customers who have already successfully installed
KB954430 do not need to reinstall.
- Originally posted: November 11, 2008
- Updated: April 29, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

MS09-013 - Critical

Bulletin Information:

* MS09-013 - Critical

http://www.microsoft.com/technet/security/...n/ms09-013.mspx
- Reason for Revision: V1.1 (April 29, 2009): Added entry to the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to communicate that the Known issues with
this security update section in the associated Microsoft
Knowledge Base Article 960803 has been updated. This is an
informational change only.
- Originally posted: April 14, 2009
- Updated: April 29, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1