[Important] - IT Security Services - Microsoft security bulletins - Oct 2009

To Administrators of computers running Microsoft products

ITSS-Advisory : MEDIUM : Microsoft : Various Products : Various Issues

It would be appreciated if this information can be communicated
to students and staff through appropriate means, such as notice
boards or linked through web information services.
The web address of this article is:
[http://www.infodiv.unimelb.edu.au/it-security/1-14-10-2009.html]


THREAT LEVEL
============
Medium.


INFORMATION
===========
Microsoft has released 13 bulletins in its scheduled publication for October 2009.
The bulletins are summarised below:

Affected: GDI+
Impact: Remote Code Execution
Rating: Critical
Known Issues: [http://support.microsoft.com/kb/957488]
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-062.mspx]

Affected: .NET Common Language Runtime
Impact: Remote Code Execution
Rating: Critical
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-061.mspx]

Affected: Active Template Library (ATL) ActiveX Controls
Impact: Remote Code Execution
Rating: Critical
Known Issues: [http://support.microsoft.com/kb/973965]
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx]

Affected: Local Security Authority Subsystem Service
Impact: Denial of Service
Rating: Important
Known Issues: [http://support.microsoft.com/kb/975467]
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx]

Affected: Windows Kernel
Impact: Elevation of Privilege
Rating: Important
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-058.mspx]

Affected: Indexing Service
Impact: Remote Code Execution
Rating: Important
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-057.mspx]

Affected: CryptoAPI
Impact: Spoofing
Rating: Important
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx]

Affected: ActiveX controls
Impact: Remote Code Execution
Rating: Critical
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx]

Affected: Internet Explorer
Impact: Remote Code Execution
Rating: Critical
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx]

Affected: FTP Service for Internet Information Services
Impact: Remote Code Execution
Rating: Important
Known Issues: [http://support.microsoft.com/kb/975254]
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx]

Affected: Media Player
Impact: Remote Code Execution
Rating: Critical
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-052.mspx]

Affected: Media Runtime
Impact: Remote Code Execution
Rating: Critical
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-051.mspx]

Affected: SMBv2
Impact: Remote Code Execution
Rating: Critical
Known Issues: None
Link: [http://www.microsoft.com/technet/security/Bulletin/MS09-050.mspx]


ACTION
======
Administrators of affected computers are advised to review the bulletins,
test and apply relevant updates.

Computers in the testbed will have the patches applied immediately, and
their performance will be monitored. The effects of the patch on these
computers will be sent to its-announce@unimelb.edu.au by early afternoon
on Fri 16 Oct 2009.

announced at 14/10/2009