ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Patch Tuesday heads-up: Five 'critical' bulletins on tap

By | September 3, 2009, 2:00pm PDT

Summary: Microsoft’s September batch of security updates will include fixes for a multiple “critical” vulnerabilities affecting the Windows operating system.

Microsoft’s September batch of security updates will include fixes for a multiple “critical” vulnerabilities affecting the Windows operating system.

In all, the software maker will release five bulletins with patches for a range of flaws that could expose users to remote code execution attacks.

[ SEE: Microsoft confirms IIS zero-day flaw; Exploit code published ]

The flaws affected all supported versions of Windows, including Windows Vista and Windows Server 2008.

Microsoft describes a “critical” vulnerability as one whose exploitation could allow the propagation of an Internet worm without user action so it’s important that Windows users treat next Tuesday’s updates with the highest priority.

It is not yet clear if this month’s patches will cover the FTP in IIS vulnerability that was disclosed with exploit code earlier this week.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Vulnerability, Exploit Code, Microsoft Corp., Microsoft IIS Server, Microsoft Windows, Patches, Operating Systems, Security, Software, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

19
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Patch Tuesday heads-up: Six 'critical' bulletins on tap
birumut Updated - 2nd May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
View in thread
0 Votes
+ -
Informative
honeymonster 3rd Sep 2009
NOT!

This bulletin is sub-standard. Microsoft usually delivers information about which components are affected so diligent sysadmins can weigh pros and cons of allowing the patch on to certain network segments.

This bulletin is useless for that purpose.
0 Votes
+ -
informative "Yes!"
iceman884@... 4th Sep 2009
Honeymonster,
There is a link in the article that will take you to the site that will give you the info you seek, or just click on this link...
http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx

Iceman884
0 Votes
+ -
Informative NOT?
Wintel BSOD 4th Sep 2009
Because it tells the truth?

Sugar coat it any way you want to, this is swiss cheese security as usual...
0 Votes
+ -
EVERY OS HAS VULNERABILITIES
Timewellwasted 7th Sep 2009
Not a single OS to date has been without a vulnerability. And once again you add nothing of value to the discussion.

Surprising? NOT
0 Votes
+ -
RE: Patch Tuesday heads-up: Six 'critical' bulletins on tap
alkanshel 3rd Sep 2009
Fun.
0 Votes
+ -
But not quite as much fun as...
Qbt Updated - 3rd Sep 2009
...this:

http://blogs.zdnet.com/security/?p=4185
0 Votes
+ -
They're both quite...
alkanshel 4th Sep 2009
delightful. In the ironic, tragic sense.
  • Flagged
0 Votes
+ -
What do Windows Vulns
Michael Alan Goff 4th Sep 2009
have to do with Mac vulns?
0 Votes
+ -
Vulns
sirpaul1 25th Sep 2009
Java!
0 Votes
+ -
Thanx for good info
olddogv 7th Sep 2009
Many of you folks are being either too critical or too lazy. The info is complete enough. We run Win. 2K, XP, Vista, & win 7, almost entirely w/std. software, + Ubuntu Jaunty on most as backup OS. The info given is enough to know that I gotta patch, that other software probably will still work, watch out for any apple apps, and any of our contacts known to run Macs. And that these patches too important to try ignoring!
Thank you Ryan !
0 Votes
+ -
MS should have patched everything by now.
rupaa62 7th Sep 2009
You think after all of the years XP has been out that the patches for XP should be all caught up. XP should be the best patched up by now. But its amazing how many more patches there are each and every month. I know I will hear the apple people saying they don't experience the patches, but times are changing.
0 Votes
+ -
Seriously?
notsofast 7th Sep 2009
You must live in a world where software is trivial and the bad guys are dumb.

In the real world, XP has millions of lines of code and the bad guys have architects who design platforms for other bad guys to design software that exploits security holes, and they then sell that software to other bad guys.

Linux is patched regularly. If there's a supported version of linux that's as old as XP, it too is patched.

It's unlikely there will ever be a bulletproof OS. Software is designed and coded by humans, not gods.
0 Votes
+ -
No Seriously?
Timewellwasted 7th Sep 2009
Awesome post and very well put.
Thank you.
0 Votes
+ -
No, not everything.
ltoribio0@... 7th Sep 2009
From the earliest days of computers, there have been three sources of problems requiring maintenance: design flaws, implementation flaws and outside influences.

Maintenance to correct design flaws often creates new problems. The only really effective solution is complete redesign, during which you hope you haven't missed some critical factor which may create a different set of problems.

Implementation flaws are often the easiest to correct. But historically, corrections to the implementation of a program or operating system have often created new problems.

Theoretically, it may be possible to correct either or both of these types of problems to the extent that they could all be executed from ROM (read-only memory).

But outside influences are another issue. They are dynamic and beyond control of the system designers. A common example may be drawn from tax preparation applications. Each time tax law changes, the program must be altered to reflect those changes. And there are many such innocuous examples.

In contrast to the foregoing, routine requirement changes, are more pernicious ones. It is simply not possible to anticipate all the possible threats from any and all parties with malevolent intentions. New worms, viruses, and other malware are being devised every day -- and must be dealt with.

Leo Toribio
Pittsburgh, PA
0 Votes
+ -
Two for Two!
Timewellwasted 7th Sep 2009
Great Post Leo!
Two in a row on the vulnerability issue with very accurate statements. (yours and notsofast's)
I think I may have to lie down and catch my breath.
Personally being a user of both Mac and Windows I have never understood the battle between different OS users. Unless one actually believes the Mac commercials on TV, which are hilarious, inaccurate but hilarious none-the-less, the major OS manufacturers never make the claims their fans do.
0 Votes
+ -
RE: Patch Tuesday heads-up: Six 'critical' bulletins on tap
photomstr@... 7th Sep 2009
I am proud of Microsoft for making the effort. Does any "Alternate OS Supporter" truly believe Open source could even come close to achieving what Microsoft has accomplished? You are only kidding yourself Mac/Linux FaNBoY! Microsoft is actually keeping up with these useless cretins. Microsoft is making the Internet a better place for my children! Thank you, Microsoft!
0 Votes
+ -
That type of post brings down the intelligence of the rest of us
Michael Alan Goff 8th Sep 2009
please stop writing them.

Thanks. happy
0 Votes
+ -
RE: Patch Tuesday heads-up: Six 'critical' bulletins on tap
gertruded 8th Sep 2009
The Spinners are really funny today. The Windows operating system "only " has 5 critical new vunerabilities this month, after similar rates of new ones each month for years, and this is GOOD.

The OS needs a complete rewrite.
0 Votes
+ -
RE: Patch Tuesday heads-up: Six 'critical' bulletins on tap
birumut Updated - 2nd May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix