January 2010 - Posts

Cumulative Security Update for Internet Explorer (978207)

Published: January 21, 2010

http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx

General Information

Executive Summary

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Affected and Non-Affected Software

Affected Software

Operating System Component Maximum Security Impact Aggregate Severity Rating Bulletins Replaced by This Update
Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1        

Microsoft Windows 2000 Service Pack 4

Internet Explorer 5.01 Service Pack 4

Remote Code Execution

Critical

MS09-072

Microsoft Windows 2000 Service Pack 4

Internet Explorer 6 Service Pack 1

Remote Code Execution

Critical

MS09-072

Internet Explorer 6        

Windows XP Service Pack 2 and Windows XP Service Pack 3

Internet Explorer 6

Remote Code Execution

Critical

MS09-072

Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 6

Remote Code Execution

Critical

MS09-072

Windows Server 2003 Service Pack 2

Internet Explorer 6

Remote Code Execution

Moderate

MS09-072

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 6

Remote Code Execution

Moderate

MS09-072

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 6

Remote Code Execution

Moderate

MS09-072

Internet Explorer 7        

Windows XP Service Pack 2 and Windows XP Service Pack 3

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Server 2003 Service Pack 2

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7

Remote Code Execution

Critical

MS09-072

Internet Explorer 8        

Windows XP Service Pack 2 and Windows XP Service Pack 3

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Server 2003 Service Pack 2

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows 7 for 32-bit Systems

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows 7 for x64-based Systems

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Server 2008 R2 for x64-based Systems**

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

Windows Server 2008 R2 for Itanium-based Systems

Internet Explorer 8

Remote Code Execution

Critical

MS09-072

**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.

Posted by Kwek
Filed under:
 I know this isn't necessarily MED-V specific but I figured that some of you may still have some old Windows 2000 or Windows XP SP2 systems running out there and would appreciate the heads up. 

As the title says, Windows XP SP2, Windows 2000 Server and Windows 2000 Professional are reaching End of Support (EOS) on July 13, 2010

(and Windows Vista RTM End of Support is on April 13, 2010). This means that regular Microsoft support and free access to security updates will come to an end for those products on those dates.

To help with planning your migration strategy to Windows 7, Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2, we have the Windows 2000 End-of-Support Solution Center

which is a fantastic place to start.  It has information on planning your move, migrating clients and server roles, Small Business Server, Application Compatibility and much much more. 

It's a definite must-see site and you can check out all the details at http://support.microsoft.com/win2000.

Posted by Kwek
From 1st of January 2010 - 31st March 2010, buy any book online from www.mspress.sg and get a shot to take part in our quiz.
Answer 2 simple questions correctly and you stand a chance to win a XBOX 360 Elite!

The more books you buy, the more chances to win.

For more information visit http://www.iaffinity.com/contest/edm/sg/

Terms & Conditions

  • Contest is only open to individuals having a Singapore Delivery Address.
  • Qualifying period for this contest commences on 1 January 2010 and ends on 31 March 2010 (both dates inclusive).
  • Multiple entries to this contest are permitted. Each correctly completed entry in the quiz will be entitled to at least 1 draw chance subjected to the balance from the quiz.
  • Purchase(s) paid through Cheque may only claim eligibility after Cheque is cleared.
  • Each successful entry to this contest may be entitled to a mystery gift based on availability and prior notice by the participating web store.
  • The luck draw will be conducted randomly through the computer system on 1st of each month by BIZ-ERA.NET PTE LTD as the organizer.
  • The following persons are not entitled to participate and are disqualified from participating in the contest:
    • Employees of BIZ-ERA.NET PTE LTD and their immediate family members.
    • Employees or staff of external auditors who are directly involved in the contest and any parties which are directly involved in organizing, promoting or conducting the contest.
  • All winners will be notified via e-mail. BIZ-ERA.NET PTE LTD reserves the right to draw reserve winner(s) to substitute any winner subsequently found to be disqualified.
  • Winners must collect the prize in person. Winners are not allowed to send a representative to collect the prize on his/her behalf. All prizes unclaimed after the stated claim period shall be forfeited without any liability on the part of BIZ-ERA.NET PTE LTD.
  • All prizes offered shall be subject to availability. The prizes shall be subject to the manufacturer's terms and conditions for warranty, service and maintenance, and BIZ-ERA.NET PTE LTD do not accept any responsibility for the same.
  • Prize cannot be altered, transferred or exchanged for cash or other goods/services under any circumstances, whether in whole or part.
  • BIZ-ERA.NET PTE LTD may, at any time without notice in its sole and absolute discretion, substitute any prize with another prize of similar value.
  • BIZ-ERA.NET PTE LTD shall have the right to publish the name and the partial address of the winners in its promotional materials.
  • The decision of BIZ-ERA.NET PTE LTD on all matters relating to or in connection with this contest shall be final and binding, and no correspondence will be entertained.
  • Notwithstanding anything in these Terms and Conditions, BIZ-ERA.NET PTE LTD reserves the right at any time in its absolute discretion to amend, these Terms and Conditions without prior notification, and all participants shall be bound by these amendments.

*Terms & Conditions apply.

Posted by Kwek
Filed under: