Added support for July 2009 Microsoft security updates
The information in this article applies to:
- GFI LANguard 9.0
- GFI LANguard Network Security Scanner 8
Article ID: KBID003593
Query keywords: Patch Detection update, Security Updates
Support for the following Microsoft security updates has been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.
New Security Updates Supported:
- MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
- MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)
- MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
- MS09-030 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
- MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
- MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
More Information:
MS09-033
Severity Rating: Important
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Description:
This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Important for all supported editions of Virtual PC 2004, Virtual PC 2007, and Virtual Server 2005.
Included Updates:
- Security Update for Microsoft Virtual PC 2007 (KB969856)
- Security Update for Microsoft Virtual PC 2007 Service Pack 1 (KB969856)
- Security Update for Microsoft Virtual Server 2005 R2 Service Pack 1 (KB969856)
- Security Update for Microsoft Virtual PC 2004 Service Pack 1 (KB969856)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-033.mspx
MS09-032
Severity Rating: Critical
Cumulative Security Update of ActiveX Kill Bits (973346)
Description:
This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Windows XP and Moderate for all supported editions of Windows Server 2003.
Included Updates:
- Cumulative Security Update for ActiveX Killbits for Windows Vista for x64-based Systems (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows XP x64 Edition (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Server 2003 for Itanium-based Systems (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows 2000 (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Server 2008 x64 Edition (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Server 2008 (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Vista (KB973346)
- Cumulative Security Update for ActiveX Killbits for Windows Server 2008 for Itanium-based Systems (KB973346)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx
MS09-031
Severity Rating: Important
Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Description:
This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation. This security update is rated Important for Microsoft Internet Security and Acceleration (ISA) Server 2006.
Included Updates:
- Security Update for ISA Server 2006 Supportability Pack (KB 970811)
- Security Update for ISA Server 2006 Service Pack 1 (KB 971143)
- Security Update for ISA Server 2006 RTM (KB 970811)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-031.mspx
MS09-030
Severity Rating: Important
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Description:
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Microsoft Office Publisher 2007 Service Pack 1.
Included Updates:
- Security Update for Microsoft Office Publisher 2007 (KB969693)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-030.mspx
MS09-029
Severity Rating: Critical
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Description:
This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Included Updates:
- Security Update for Windows XP x64 Edition (KB961371)
- Security Update for Windows XP (KB961371)
- Security Update for Windows Server 2003 x64 Edition (KB961371)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB961371)
- Security Update for Windows Server 2003 (KB961371)
- Security Update for Windows Server 2008 x64 Edition (KB961371)
- Security Update for Windows Server 2008 (KB961371)
- Security Update for Windows Vista (KB961371)
- Security Update for Windows Server 2008 for Itanium-based Systems (KB961371)
- Security Update for Windows Vista for x64-based Systems (KB961371)
- Security Update for Windows 2000 (KB961371)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-029.mspx
MS09-028
Severity Rating: Critical
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Description:
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Included Updates:
- Security Update for Windows XP x64 Edition (KB971633)
- Security Update for Windows XP (KB971633)
- Security Update for Windows Server 2003 x64 Edition (KB971633)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB971633)
- Security Update for Windows Server 2003 (KB971633)
- Security Update for Windows 2000 (KB971633)
- Security Update for DirectX 9 for Windows 2000 (KB971633)
- Security Update for DirectX 8 for Windows 2000 (KB971633)
Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-028.mspx
Note
- The above patches may not be supported for all operating system or product languages. A list of languages supported by GFI LANguard is found at: http://kbase.gfi.com/showarticle.asp?id=KBID002517
- A list of bulletins supported by GFI LANguard can be found on the following page:
http://www.gfi.com/lannetscan/msfullreport.htm