Microsoft Patch Tuesday Update - April 2009

Ralph DeFrangesco

Yesterday was patch Tuesday and Microsoft released eight security bulletins that addressed 21 vulnerabilities, 10 of which were rated as critical. This was the largest update since October 2008, when Microsoft patched Windows, IE, Word and Excel. The patches addressed the following vulnerabilities:

 

MS09-009 (Critical) Vulnerabilities in Microsoft office Excel could cause remote code execution.

 

MS09-010 (Critical) Vulnerabilities in WordPad and Office Text converters could allow remote code execution.

 

MS09-011 (Critical) Vulnerability in Microsoft DirectShow could allow remote code execution.

 

MS09-012 (Important) Vulnerabilities in Windows could allow elevation of privilege.


 

MS09-013 (Critical) Vulnerabilities in Windows HTTP service could allow remote code execution.

 

MS09-014 (Critical) Cumulative security update for Internet Explorer.

 

MS09-015 (Moderate) Blended threat vulnerability in SearchPath could allow elevation or privilege.

 

MS09-016 (Important) Vulnerabilities in Microsoft ISA server and ForeFront threat management gateway (Business edition) could cause denial of service.

 

The patches can be downloaded by using Windows Server Update Services or Software Update Service.

 

As with all patches that Microsoft, or any other vendor, releases, all should be tested in a non-production environment to understand their impact. I often get asked about the Important or less important patches. My opinion is that all patches should be evaluated. In today's environments that are 24x7, you need to test all patches when they are released, critical or not. There's a reason they're being released.



Add Comment      Leave a comment on this blog post
Apr 16, 2009 8:38 AM Tony Stout Tony Stout  says:

Agree with the need to keep on top of patching.  Currently using your list here against what my company is doing to evaluate completeness.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.