Issued: October 19, 2009 Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details

Issued: October 19, 2009 Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS09-053 – Important Bulletin Information: * MS09-053 – Important – http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx – Reason for Revision: V1.1 (October 19, 2009): Removed the acknowledgments section.

Nice article summing up six years of Microsoft Patch Tuesdays: The total number of flaws disclosed and patched by the software maker so far this year stands at around 160, more than the 155 or so that Microsoft reported for all of 2008. The number of flaws reported in Microsoft products over the last two years is more than double the number of flaws disclosed in 2004 and 2005, the first two full years of Patch Tuesdays. The last time Microsoft did not release any patches on a Patch Tuesday was March 2007, more than 30 months ago.

Severity Rating: Important – Revision Note: V1.1 (October 19, 2009): Removed the acknowledgments section. Corrected the affected software and severity tables to reclassify Windows XP Professional x64 Edition Service Pack 2 as running IIS 6.0.Summary: This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected

Severity Rating: Critical – Revision Note: V1.2 (October 19, 2009): Added a link to Microsoft Knowledge Base Article 974455 under Known Issues in the Executive Summary.Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights

Issued: October 14, 2009 Summary The following bulletins have undergone a minor revision increment.

Microsoft Security Bulletin Summaries and Webcasts. Posted by on October 14th, 2009.

Below is the summary of Microsoft’s Security Bulletin Release for October 2009: This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance…( read more )

C/P Quote: Microsoft will issue its biggest ever security update on 13 October. The update will include 13 bulletins that between them tackle 34.

Severity Rating: Critical – Revision Note: V1.1 (October 14, 2009): Added Microsoft SQL Server 2005 Express Edition Service Pack 3 to the Non-Affected Software table, and updated the Developer Tools entries in the Detection and Deployment Tools and Guidance section.Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content.

Severity Rating: Important – Revision Note: V1.1 (October 14, 2009): Corrected the introductory description for CVE-2009-2524 in the vulnerability information section.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

Severity Rating: Critical – Revision Note: V1.1 (October 14, 2009): Corrected the download link for Windows XP x64 Edition Service Pack2. Also removed an erroneous entry from the FAQ for CVE-2009-2493.Summary: This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control