14 DAY TRIAL // On the heels of releasing the August 2009 security bulletins via Windows Update and as standalone downloads, Microsoft has also made available the patches targeting supported Windows releases packaged as an ISO image. Now, all administrators have the possibility to leverage automated solutions for patch deployment such as Windows Server Update Services (WSUS) in their environments, and the Security Release ISO Images come to streamline the process of integrating security updates. In accordance with the tradition of Security Release ISO Image releases, the August DVD5 ISO image file brings only security updates for the Windows operating systems released on Windows Update on August 11, 2009, including those for Windows Vista SP2 and Windows XP SP3.
“Of particular note in this release is MS09-037 which is an update for Microsoft Active Template Library (ATL). Among the five updates in this bulletin is a binary level update for the Microsoft Video ActiveX Control. As you may recall, we originally released Security Advisory 972890 on July 6 in response to an active attack against this component and subsequently released Security Bulletin MS09-032 to supply an official kill bit update (rather than the temporary Microsoft Fix it supplied with the advisory). All of the included vulnerabilities were privately reported, have a critical severity and are rated ‘1’ on our exploitability index. We encourage you to deploy this update as soon as possible,” revealed Jerry Bryant, Microsoft security program manager.
On August 11, Microsoft made available a total of nine security bulletins, no less than eight of which impact Windows. In total, the Redmond-based company patched 19 vulnerabilities affecting products such as Windows, the .NET Framework, Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, Microsoft BizTalk Server and Remote Desktop Client for Mac. The software giant noted that 15 vulnerabilities out of the various security holes plugged in August put Windows users at risk, unless they were patched with the updates already available.
“If you are running a WINS server on either Windows 2000 or Windows Server 2003 then I would also call your attention to MS09-039 as this one has the potential for an un-authenticated, self-replicating attack across the network. Installing the update will protect your systems should any attacks be developed to exploit the vulnerabilities addressed in this update but at this time, we are not aware of any exploit code in the wild,” Bryant added.
The August 2009 Security Release ISO Image is available for download here.