Home

IT Service Centre
About us Our Program(ITUS) Our Charter Service Catalogue Organisation Structure Feedback Contact Us About Announcements Becoming Submitter Constructing Announcements Submit An Announcement Receiving Announcements (via Email) Finding Announcements Service Status IT Service Desk IT Announcements Log a Request Check Request Status IT Service Knowledge Base IT Service Management Support IT Service Management Tools Enquiry Software Distribution Flite Mailing Lists Subscribe to FLITE or LANgroup Enterprise App. Service Desk(Themis) Themis Announcements Log a Reqeust Check Request Status Themis Quick Reference Cards Telephony Services Telephone Announcements Log a Reqeust Check Request Status Telephone Systems Knowledge Base Knowledge Base IT Service Telephone Systems Themis Services Check list of Services that can be requested to the Service Desks

[Important] - Desktop Support - Windows Updates (WSUS) - October 2009

To Windows Desktop and Server Administrators

Microsoft has this month released a total of 14 Security bulletins rated as Critical and Important:

[http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx]

Following the announcement from the IT Security Services office, users who are participating in the Microsoft Windows Update pre-release testing, are requested to update and monitor the progress of today's patches.

Please refer to the notice for detailed information about the updates released, which is located at:
[http://www.infodiv.unimelb.edu.au/it-security/1-14-10-2009.html]
A summary of the bulletins and related Microsoft KB numbers are as follows:

Critical:
- MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
[http://go.microsoft.com/fwlink/?LinkId=163970]

- MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
[http://go.microsoft.com/fwlink/?LinkId=125438]

- MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
[http://go.microsoft.com/fwlink/?LinkId=163913]

- MS09-054 Cumulative Security Update for Internet Explorer (974455)
[http://go.microsoft.com/fwlink/?LinkId=163979]

- MS09-055 Cumulative Security Update of ActiveX Kill Bits (973525)
[http://go.microsoft.com/fwlink/?LinkId=158202]

- MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
[http://go.microsoft.com/fwlink/?LinkId=160633]

- MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
[http://go.microsoft.com/fwlink/?LinkId=160527]

- MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) [http://go.microsoft.com/fwlink/?LinkID=161342]

-Revised MS09-037 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
[http://go.microsoft.com/fwlink/?LinkId=158695]

Important:
- MS09-053 Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
[http://go.microsoft.com/fwlink/?LinkId=164004]

- MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) [http://go.microsoft.com/fwlink/?LinkID=163830]

- MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) [http://go.microsoft.com/fwlink/?LinkID=163832]

- MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) [http://go.microsoft.com/fwlink/?LinkId=162442]

- MS09-059 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
[http://go.microsoft.com/fwlink/?LinkID=163843]

The following non-security updates will also be distributed following testing:

KB947821 - System Update Readiness Tool for Windows Vista/7 and Server 2008 [September 2009]
[http://support.microsoft.com/kb/947821]
This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.

KB974332 - Windows 7/Server 2008 R2 Application Compatibility Update
http://support.microsoft.com/KB/974332

KB931125 - Update for Root Certificates [September 2009]
[http://support.microsoft.com/kb/931125]
This item updates the list of root certificates on your computer to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. Adding additional root certificates to your computer enables you to use Extended Validation (EV) certificates in Internet Explorer 7, a greater range of security enhanced Web browsing, encrypted e-mail, and security enhanced code delivery.

Action Required:
===========
Users participating in the collaborative testing program are requested to visit the Microsoft Windows Updates website at: [http://windowsupdate.microsoft.com] to download and install the newly released updates.
Performance of computers being tested should be monitored and feedback returned to [wsus-reports@unimelb.edu.au] by Friday morning when updates will be released on the central WSUS service.

Auto-approval for Definition Updates from ID-WSUS =================================================
In the past, definition updates for products such as Windows Defender, Windows Mail and Outlook junk mail definitions, Forefront Client Security and Anti-spyware definitions were approved once a month.
Taking into account the requirement for definition updates to be available as soon as possible, Information Services has taken the step to auto-approve distribution of these definition updates on ID-WSUS.
There will be no change to the existing process of testing other categories of updates (Security, Critical and Important) before approval on ID-WSUS.
Likewise, there is no change in the policy of not distributing Microsoft Service Packs from ID-WSUS.

announced at 14/10/2009

top of page

Information Technology Services IT Services Centre

IT Service Centre

[Important] - Desktop Support - Windows Updates (WSUS) - October 2009

Information Technology Services
IT Services Centre