From Microsoft

Sep 11, 2009 14:58 GMT

A total of five security bulletins designed to patch no fewer than eight vulnerabilities impacting various Windows releases were made available via Windows Update on September 8th, 2009. As is customary, Microsoft also bundled the patches for security holes in Windows operating systems into a single package and made it available as a standalone download. Users are now able to grab the September 2009 Security Release ISO Image from the Microsoft Download Center. The DVD5 ISO image file contains all five security bulletins offered on September 8th, as well as MS09-037, which was rereleased by Microsoft.

“This month we released five critical bulletins to address vulnerabilities in Windows and protect customers from two types of threats: 1. Browser based attacks where websites hosting malicious code attempt to compromise visitors. This includes MS09-045, MS09-046 and MS09-047. 2. Network based scenarios where attackers attempt Remote Code Execution (RCE) or Denial-of-Service (DoS) type attacks. This includes MS09-048 and MS09-049,” revealed Jerry Bryant, senior security program manager for Microsoft.

Although the eight vulnerabilities patched this month affect various versions of the Windows client and server operating systems, none of them impact Windows 7 and Windows Server 2008 R2. Bryant made it a point to squash speculation that Windows 7 and its server counterpart contained the vulnerable code just as Windows Vista or Windows XP did. According to Microsoft, since they were released to manufacturing on July 22nd, 2009, both Windows 7 and Windows Server 2008 R2 are treated the same as any other Windows release, and even Important and Moderate vulnerabilities would have been patched.

“We re-released MS09-037. This bulletin for vulnerabilities in the Active Template Library (ATL), affecting components that shipped with Windows, was originally released in August 2009. In our ongoing investigation into the ATL issue, we identified a related vulnerable control so this bulletin has been updated to include it. This additional update affects users of Windows XP Media Center 2005 and Windows Vista systems. It is important to note that to date, we have not seen any new controls being used in active attacks,” Bryant explained.

The September 2009 Security Release ISO Image is available for download from the Microsoft Download Center.