Published: 2009-09-13T05:20+00:00    Last Updated: 2009-09-13T05:20+00:00

JVNTR-2009-22
Microsoft Updates for Multiple Vulnerabilities (TA09-251A)

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server.

Event Information


Date (UTC)    Description
2009-09-09 01:51 JPCERT/CC
JPCERT-AT-2009-0018: September 2009 Microsoft Security Bulletin (five critical patches)
2009-09-08 20:27 SANS Internet Storm Center
Microsoft September 2009 Black Tuesday Overview
Overview of the September 2009 Microsoft patches and their status.
2009-09-08 20:10 Microsoft
ms09-sep: Microsoft Security Bulletin Summary for September 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2009-09-08 19:55 US-CERT
TA09-251A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2009-09-08 19:32 Symantec
ThreatCON (1) => (2)
Microsoft has released the scheduled security bulletins for September. Customers are advised to install the updates as soon as possible.
2009-09-08 18:29 US-CERT
Microsoft Releases September Security Bulletin
US-CERT Current Activity
Microsoft has released Microsoft Security Bulletin Summary for September 2009. September's Bulletin includes updates to address multiple vulnerabilities in Microsoft Windows. These vulnerabilities may allow an attacker to execute arbitrary code.
2009-09-08 CERT-FI
CERT-FI Advisory on the Outpost24 TCP Issues
TCP/IP Zero Window Size Vulnerability (CVE-2008-4609, MS09-048)
The vulnerabilities described in this advisory can potentially affect systems and applications that run an implementation of the TCP protocol (RFC 793 et al.). The issues were found by the Sockstress tool developed by Outpost24.
2009-09-03 18:11 Microsoft
ms09-sep: Microsoft Security Bulletin Advance Notification for September 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2009-04-28 Zero Day Initiative (ZDI)
ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
JScript Remote Code Execution Vulnerability (CVE-2009-1920, MS09-045)
Vulnerability Reported
The specific flaw exists when parsing the JScript keyword "arguments". Because the arguments object is not available until a certain time, invoking it can result in memory corruption. Successful exploitation of this vulnerability can lead to a remote system compromise under the credentials of the current user.
2008-09-12 Recurity Labs GmbH
TCP/IP Orphaned Connections Vulnerability
TCP/IP Orphaned Connections Vulnerability (CVE-2009-1926, MS09-048)
Vulnerability Reported
The TCP/IP stack of the Microsoft Windows XP/Vista operating system is vulnerable to a remote resource exhaustion vulnerability. By taking advantage of this vulnerability, an attacker can cause a connection's Transmission Control Block (TCB) to remain in memory for an indefinite amount of time without the need for the attacker to further maintain the connection's activity.