Added support for February 2009 Microsoft security updates

The information in this article applies to:

  • GFI LANguard 9.0
  • GFI LANguard Network Security Scanner 7
  • GFI LANguard Network Security Scanner 8

Article ID: KBID003486

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates has been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.


New Security Updates Supported:

  • MS09-005 - Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
  • MS09-004 - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
  • MS09-003 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
  • MS09-002 - Cumulative Security Update for Internet Explorer (961260)


More Information:

MS09-005
Severity Rating: Important
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

Description:

This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, and Microsoft Office Visio 2007 Service Pack 1.

Included Updates:

  • Security Update for Microsoft Office Visio 2007 (KB957831)
  • Security Update for Microsoft Office Visio 2003 (KB955655)
  • Security Update for Microsoft Visio 2002 (KB955654)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx


MS09-004
Severity Rating: Important
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Description:

This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue. This security update is rated Important for supported releases of SQL Server 2000, SQL Server 2005 Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

Included Updates:

  • Security Update for Windows Server 2003 x64 Edition (KB960082)
  • Security Update for Windows Server 2003 (KB960082)
  • Security Update for Windows Server 2003 and Windows Server 2008 (KB960089)
  • Security Update for Windows Server 2003 and Windows Server 2008 for x64-based Systems (KB960089)
  • Security Update for SQL Server 2000 Service Pack 4 Failover Clustering (KB960083)
  • Security Update for SQL Server 2000 Service Pack 4 (KB960083)
  • Security Update for SQL Server 2000 Service Pack 4 Failover Clustering (KB960082)
  • Security Update for SQL Server 2000 Service Pack 4 (KB960082)
  • Security Update for SQL Server 2005 Service Pack 2 Failover Clustering (KB960090)
  • Security Update for SQL Server 2005 Service Pack 2 (KB960090)
  • Security Update for SQL Server 2005 Service Pack 2 Failover Clustering (KB960089)
  • Security Update for SQL Server 2005 Service Pack 2 (KB960089)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx


MS09-003
Severity Rating: Critical
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Description:

This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding. This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007.

Included Updates:

  • Security Update for Exchange Server 2003 Service Pack 2 (KB959897) - Cluster
  • Security Update for Exchange Server 2003 Service Pack 2 (KB959897) - Non-cluster
  • Security Update for Exchange 2000 Server Service Pack 3 (KB959897)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx


MS09-002
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (961260)

Description:

This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate.

Included Updates:

  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB961260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB961260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB961260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB961260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista x64 Edition (KB961260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB961260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB961260)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx


Note