14 DAY TRIAL // On the heels of the April 14, 2009 security bulletins, Microsoft has made available for download the ISO image with the patches released this month. A couple of days ago, the Redmond company made available for download no less than eight security bulletins patching a total of 23 vulnerabilities. The plugged security holes affected products such as Windows, Office, Internet Explorer and Microsoft Internet Security and Acceleration Server. The patches designed to resolve security flaws in supported Windows client and server operating systems have been packaged as an ISO image and made available for download by the Redmond company. However, all the eight security bulletins are at this point in time available via Windows Update.
Out of all the updates that went live on April 14, the following bulletins are set up to patch Windows client and server operating systems: MS09-010, MS09-011, MS09-012, MS09-013, MS09-015. All the security updates delivered by these bulletins have been integrated into the ISO image. MS09-010, MS09-011, and MS09-013 are considered Critical, as they could allow for remote code execution in the eventuality of a successful attack. MS09-012 is rated as Important, while MS09-015 comes with a severity rating of just Important.
All the security bulletins enumerated above deliver patches for operating systems including: Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. Only for Security Bulletin MS09-013 Microsoft informed that the Critical vulnerabilities in Windows HTTP Services (WinHTTP) also impact pre-release versions of Windows, such as Windows Vista SP2, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
April 2009 Security Release ISO Image is available for download here.
Christopher Budd, security response communications lead for Microsoft, broke down the April 2008 bulletin release for Softpedia:
MS09-009 (Maximum severity of Critical): This update resolves a newly discovered, privately reported and a publicly disclosed vulnerability in Microsoft Excel. This update received a 1 – Consistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-010 (Maximum severity of Critical): This update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office Text Converters. This update received a 1 – Consistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-011 (Maximum severity of Critical): This update resolves a newly discovered and privately reported vulnerability in Microsoft DirectX. This update received a 2 – Inconsistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-012 (Maximum severity of Important): This update resolves four publicly disclosed vulnerabilities in Microsoft Windows. This update received a 1 – Consistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-013 (Maximum severity of Critical): This update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). This update received a 1 – Consistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-014 (Maximum severity of Critical): This update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. This update received a 1 – Consistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-015 (Maximum severity of Moderate): This update resolves one publicly disclosed vulnerability in the Windows SearchPath function. This update received a 2 – Inconsistent Exploit Code Likely rating from Microsoft’s Exploitability Index.
MS09-016 (Maximum severity of Important): This update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). This update received a 3 – Functioning Exploit Code Unlikely rating from Microsoft’s Exploitability Index.