Microsoft Patch TuesdaySep 8th 2009.
Sep 8th 2009.
By: Greg Lambert
Application Compatibility Update
Executive Summary
September 2009 brings a moderate Microsoft Patch Tuesday update from Microsoft with five CRITICAL
Security updates. All five Microsoft Security Updates (MS09-45 to MS09-49) will require system reboots
and relate to Remote Code Execution. The ChangeBASE team has raised the system reboot ratings for
patch MS09-046 and MS09-047 to "Require a Reboot" from "May require a reboot" due to the nature of
the files updated and the impact on standard desktop workstation environments.
The expectation from the ChangeBASE team is that the five September Microsoft updates are not likely to
cause serious OS level or application compatibility issues. Sample results from the AOK report generator
for Microsoft Office 2003 has been included here;
 Testing Summary- MS09-045 : Marginal Impact (both Package level and dependencies) detected across portfolio.
- MS09-046 : Marginal Impact (both Package level and dependencies) detected across portfolio.
- MS09-047 : Marginal Impact (both Package level and dependencies) detected across portfolio.
- MS09-048 : Marginal Impact (both Package level and dependencies) detected across portfolio.
- MS09-049 : Marginal Impact (both Package level and dependencies) detected across portfolio.
| Patch Name | Total
Issues | Matches
Affected | Reboot | Rating | RAG |
|---|
| Microsoft Security Bulletin MS09-045 | <1% | <1% | YES | Critical |  | | Microsoft Security Bulletin MS09-046 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-047 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-048 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-049 | <1% | <1% | YES | Critical | |
Legend: | No Issues Detected |  | Potentially fixable application Impact |  | Serious Compatibility Issue |
Security Update Detailed Summary| MS09-045 | Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) | | Description | This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | | Payload | Jscript.dll | | Impact | Critical |
| MS09-046 | Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) | | Description | This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | | Payload | Triedit.dll | | Impact | Critical |
| MS09-047 | Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) | | Description | This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | | Payload | Wwmvcore.dll | | Impact | Critical |
| MS09-048 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) | | Description | This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | | Payload | Tcpip.sys, Tcpip6.sys, W03a3409.dll, Ww03a3409.dll | | Impact | Critical |
| MS09-049 | Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) | | Description | This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability. | | Payload | L2sechc.dll, L2sechc.mof, Gatherwirelessinfo.vbs, Gatherwirelessinfo.xslt, eport.system.wireless.xml, Rules.system.wireless.xml, Wireless diagnostics.xml, Wlan.mof, Wlan.tmf, Wlanapi.dll, Wlanhlp.dll, Wlanmsm.dll, Wlansec.dll, Wlansvc.dll | | Impact | Critical |
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
|
