Tuesday, June 9th, 2009
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the... »
Tags: a-given-user-, a-malformed-record, access-control, given-user-, privately-reported, restrict-the, security-update, the-anonymous, the-permissions, user-account, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then... »
Tags: a-malformed-record, a-user-opens, accounts-with, allow-remote, privately-reported, resolves-three, security-update, then-install, user-opens, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise... »
Tags: affected-server, and-standard, minimal-number, privately-reported, resolves-three, security-update, severity, spooler-, vulnerabilities, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Moderate - This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results »
Tags: a-specially-crafted, from-the-search, microsoft-works, not-affected, not-installed, security-update, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file »
Tags: a-user-opens, gain-the-same, local, microsoft-works, remote-code, rights-as-the, rights-on-the, same, security, security-update, system, vulnerabilities, vulnerability
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Important - This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system »
Tags: are-subject, attacker-must, delete-data, exploit-these, full-user, microsoft-windows-, publicly-disclosed, security-update, then-install, vulnerability, windows
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft... »
Tags: a-specially-crafted, affected-system, allow-remote, are-subject, delivered-with, microsoft-windows-, resolves-two, runtime-and, security, successfully-exploited, system, take-complete, vulnerability
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or... »
Tags: a-specially-crafted, affected-system, allow-remote, code-execution, create-new, delete-data, resolves-two, security-update, successfully-exploited, system, user-rights-, vulnerabilities
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin MS09-008 and Microsoft Security Advisory 971888. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability »
Tags: a-public-report, advisory, authentication, frequently, has-completed, issue, summary
Posted in Microsoft Security Advisories | No Comments »
Tuesday, June 9th, 2009
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability »
Tags: advisory, authentication, frequently, has-completed, have-issued, issue, organization, replace-the, revision-note, security-bulletin-, security-update, summary, three-or-more
Posted in Microsoft Security Advisories | No Comments »