Microsoft vient de publier 2 bulletins de sécurité qu’il est conseillé d’installer au plus vite : MS09-035 – Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) MS09-034 – Critical: Cumulative Security Update for Internet Explorer (972260) Le plus critique est bien sur le MS09-034, particulièrement à cause –AMHA- de la faille permettant le contournement de la sécurité “killbits”. Plus d’infos sur le blog MSRC et SRD

Microsoft and other security firms are warning that IE could be soon exploited based on reserved engineering techniques used by malware writers.  It’s important to apply these security updates expediently to ensure protection . Microsoft Security Updates – February 2009 http://www.microsoft.com/technet/security/bulletin/ms09-Feb.mspx http://isc.sans.org/diary.html?storyid=5836 http://www.f-secure.com/weblog/archives/00001604.html   Microsoft have released details of this month’s patches as part of February “Patch Tuesday”. The 4 patches that have been released are as follows: Critical: MS09-002 – Cumulative Security Update for Internet Explorer (961260) Affects: Internet Explorer 7 Link: http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx MS09-003 – Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) Affects: Microsoft Exchange Server 2000/2003/2007 Link: http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx Important: MS09-004 – Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) Affects: SQL Server 2000/2005 (Inc Desktop/Express Editions) Link: http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx MS09-005 – Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) Affects: Visio 2002/2003/2007 Link: http://www.microsoft.com/technet/security/bulletin/MS09-005.mspx

Note : There may be latency issues due to replication, if the page does not display keep refreshing February 10 Today Microsoft released the following Security Bulletin(s).  Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update

Looks like the December 2008 monthly security bulletins are out and the new ones include: MS08-070 : Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical” MS08-071 : Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical” MS08-072 : Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical” MS08-073 : Cumulative Security Update for Internet Explorer (958215) which is rated “Critical” MS08-074 : Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical” MS08-075 : Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical” MS08-076 : Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important” MS08-077 : Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important” For more information on these as well as all the others visit the Microsoft Security Response Center Blog at http://blogs.technet.com/msrc/archive/2008/12/09/december-2008-monthly-bulletin-release.aspx . J.C.

Revision Note: V3.0 (October 23, 2008): Added Microsoft Security Bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644). Also added the bulletin webcast link for this out-of-band security bulletin.Summary: This bulletin summary lists security bulletins released for October 2008.

As part of Microsoft’s routine, monthly security update cycle, they released eleven (11) new security bulletins: MS08-041 – Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft …

As part of Microsoft’s routine, monthly security update cycle, they released eleven (11) new security bulletins: MS08-041 – Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft …