Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly heavy month—the vendor is releasing eight bulletins covering a total of 21 vulnerabilities. Two of these issues are covered in more than one bulletin: CVE-2008-2540 in MS09-015 and MS09-014, and CVE-2009-0550 in MS09-013 and MS09-014.
Ten of the issues, rated “Critical,” are remote code-execution vulnerabilities affecting WordPad, Word, DirectX, Windows HTTP services, Internet Explorer, and Excel. The remaining issues, rated “Important” and “Moderate,” affect Windows, Internet Explorer, ISA Server, WordPad, and Windows HTTP services. Nearly all of the bulletins this month address issues that were previously disclosed or are variants of those issues.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Block external access at the...