Revision Note: V1.1 (February 11, 2009): Removed erroneous reference to Microsoft SQL Server 2000 Desktop Engine (WMSDE) on Microsoft Windows 2000 Service Pack 4 from the Affected Software and Download Locations table for Windows Operating System, under MS08-040.Summary: This bulletin summary lists security bulletins released for July 2008.

Severity Rating: Critical - Revision Note: V1.2 (February 11, 2009): Clarified the class IDs for two ActiveX controls. First, listed a second class ID in the workaround, “Prevent Windows Common AVI ActiveX Control from running in Internet Explorer,” for CVE-2008-4255

The Microsoft Security Response Center (MSRC) : February 2009 Monthly Bulletin Release: http://blogs.technet.com/msrc/archive/2009/02/10/february-2009-monthly-bulletin-release.aspx Notice I said ‘getting ready for’ not that I am yet.  Tuesday when the security patches come out, I start on my testing process.  I see what the patches do, I start reviewing the bulletins to see if I can find a reason to NOT run screaming to the server and patch immediately.  It’s not that I don’t want to patch, it’s that I want to patch when I am ready to patch.  Typically in a firm, being ready to patch does not mean throwing those on a server when you haven’t at least read the bulletin, ran them on a test bed and understood what their impact is.  It annoys me when I see consultants come into the newsgroups and say “some patches installed last night and now I have this issue”.  Always know EXACTLY what patches you have deployed to your systems. Sign up for that webcast and understand the issues before deploying the patches on servers. TechNet Webcast: Information About Microsoft February Security Bulletins (Level 200): http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032395122

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-002.

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-002.

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-002. To find out if other security updates are available for you, see the Additional Information section of this page

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-002. To find out if other security updates are available for you, see the Additional Information section at the bottom of this page.

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-002. To find out if other security updates are available for you, see the Additional Information section at the bottom of this page

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-002. To find out if other security updates are available for you, see the Additional Information section of this page.

Security issues have been identified in Active X controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft.

Security issues have been identified in Active X controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft.

Security issues have been identified in Active X controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it.