Added support for September 2009 Microsoft security updates

The information in this article applies to:

  • GFI LANguard 9.0
  • GFI LANguard Network Security Scanner 8

Article ID: KBID003628

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.


New Security Updates Supported:

  • MS09-049 - Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
  • MS09-048 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
  • MS09-047 - Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
  • MS09-046 - Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
  • MS09-045 - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)


More Information:

MS09-049
Severity Rating: Critical
Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)

Description:

This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability. This security update is rated Critical for supported editions of Windows Vista and Important for supported editions of Windows Server 2008.

Included Updates:

  • Security Update for Windows Vista for x64-based Systems (KB970710)
  • Security Update for Windows Vista (KB970710)
  • Security Update for Windows Server 2008 x64 Edition (KB970710)
  • Security Update for Windows Server 2008 (KB970710)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-049.mspx


MS09-048
Severity Rating: Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

Description:

This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008, and Important for all supported editions of Microsoft Windows 2000 Service Pack 4 and Windows Server 2003.

Included Updates:

  • Security Update for Windows Vista for x64-based Systems (KB967723)
  • Security Update for Windows Server 2008 x64 Edition (KB967723)
  • Security Update for Windows Vista (KB967723)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB967723)
  • Security Update for Windows Server 2008 (KB967723)
  • Security Update for Windows Server 2003 x64 Edition (KB967723)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB967723)
  • Security Update for Windows Server 2003 (KB967723)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx


MS09-047
Severity Rating: Critical
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)

Description:

This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008.

Included Updates:

  • Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816)
  • Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 2 (KB968816)
  • Security Update for Windows Media Format Runtime 9.5 for Windows Server 2003 (KB968816)
  • Security Update for Windows Media Format Runtime 9 for Windows 2000 (KB968816)
  • Security Update for Windows Media Format Runtime 11 for Windows Vista for x64-based Systems (KB968816)
  • Security Update for Windows Media Format Runtime 11 for Windows Vista (KB968816)
  • Security Update for Windows Media Format Runtime 11 for Windows Server 2008 x64 Edition (KB968816)
  • Security Update for Windows Media Format Runtime 11 for Windows Server 2008 (KB968816)
  • Security Update for 64-bit Windows Media Format Runtime 9.5 for Windows XP x64 Edition and Windows Server 2003 x64 Edition (KB968816)
  • Security Update for 32-bit Windows Media Format Runtime 9.5 for Windows XP x64 Edition (KB968816)
  • Security Update for 32-bit Windows Media Format Runtime 9.5 for Windows Server 2003 x64 Edition (KB968816)
  • Security Update for 32-bit Windows Media Format Runtime 11 for Windows XP x64 Edition (KB968816)
  • Security Update for Windows Server 2003 (KB972554)
  • Security Update for Windows Server 2003 x64 Edition (KB972554)
  • Security Update for Windows Server 2008 (KB972554)
  • Security Update for Windows Server 2008 x64 Edition (KB972554)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-047.mspx


MS09-046
Severity Rating: Critical
Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)

Description:

This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP and Moderate for all supported editions of Windows Server 2003.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB956844)
  • Security Update for Windows 2000 (KB956844)
  • Security Update for Windows XP (KB956844)
  • Security Update for Windows Server 2003 x64 Edition (KB956844)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB956844)
  • Security Update for Windows Server 2003 (KB956844)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-046.mspx


MS09-045
Severity Rating: Critical
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)

Description:

This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for JScript 5.1 on Microsoft Windows 2000 Service Pack 4 and Critical for JScript 5.6, JScript 5.7 and JScript 5.8 on all supported releases of the Windows operating system except Windows 7 and Windows Server 2008 R2.

Included Updates:

  • Security Update for Jscript 5.8 for Windows XP x64 Edition (KB971961)
  • Security Update for Jscript 5.8 for Windows XP (KB971961)
  • Security Update for Jscript 5.8 for Windows Server 2003 x64 Edition (KB971961)
  • Security Update for Jscript 5.8 for Windows Server 2003 (KB971961)
  • Security Update for Jscript 5.7 for Windows XP x64 Edition (KB971961)
  • Security Update for Jscript 5.7 for Windows XP (KB971961)
  • Security Update for Jscript 5.7 for Windows Server 2003 x64 Edition (KB971961)
  • Security Update for Jscript 5.7 for Windows Server 2003 for Itanium-based Systems (KB971961)
  • Security Update for Jscript 5.7 for Windows Server 2003 (KB971961)
  • Security Update for Jscript 5.6 for Windows XP x64 Edition (KB971961)
  • Security Update for Jscript 5.6 for Windows XP (KB971961)
  • Security Update for Jscript 5.6 for Windows Server 2003 x64 Edition (KB971961)
  • Security Update for Jscript 5.6 for Windows Server 2003 for Itanium-based Systems (KB971961)
  • Security Update for Jscript 5.6 for Windows Server 2003 (KB971961)
  • Security Update for Jscript 5.8 for Windows Server 2008 (KB971961)
  • Security Update for Jscript 5.8 for Windows Vista for x64-based Systems (KB971961)
  • Security Update for Jscript 5.7 for Windows Server 2008 for Itanium-based Systems (KB971961)
  • Security Update for Jscript 5.8 for Windows Server 2008 x64 Edition (KB971961)
  • Security Update for Jscript 5.8 for Windows Vista (KB971961)
  • Security Update for Jscript 5.7 for Windows Server 2008 x64 Edition (KB971961)
  • Security Update for Jscript 5.7 for Windows Vista for x64-based Systems (KB971961)
  • Security Update for Jscript 5.7 for Windows Vista (KB971961)
  • Security Update for Jscript 5.7 for Windows Server 2008 (KB971961)
  • Security Update for Windows 2000 (KB971961)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-045.mspx


Note