MS Partner logo

Added support for November 2009 Microsoft security updates

The information in this article applies to:

  • GFI LANguard 9.0
  • GFI LANguard Network Security Scanner 8

Article ID: KBID003681

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.


New Security Updates Supported:

  • MS09-068 - Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
  • MS09-067 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
  • MS09-066 - Vulnerability in Active Directory Could Allow Denial of Service (973309)
  • MS09-065 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
  • MS09-064 - Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
  • MS09-063 - Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)


More Information:

MS09-068
Severity Rating: Important
Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Description:

This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer.

Included Updates:

  • Security Update for Microsoft Word 2002 (KB973444)
  • Security Update for Microsoft Word Viewer 2003 (KB973866)
  • Security Update for Microsoft Office Word 2003 (KB973443)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-068.mspx


MS09-067
Severity Rating: Important
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Description:

This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack. The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records.

Included Updates:

  • Security Update for Microsoft Excel 2002 (KB973471)
  • Security Update for Microsoft Office Excel Viewer (KB973707)
  • Security Update for the 2007 Microsoft Office System (KB973704)
  • Security Update for Microsoft Office Excel 2007 (KB973593)
  • Security Update for Microsoft Office Excel Viewer 2003 (KB973484)
  • Security Update for Microsoft Office Excel 2003 (KB973475)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-067.mspx


MS09-066
Severity Rating: Important
Vulnerability in Active Directory Could Allow Denial of Service (973309)

Description:

This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS. This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008.

Included Updates:

  • Security Update for Windows 2000 (KB973037)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB973037)
  • Security Update for Windows Server 2003 x64 Edition (KB973037)
  • Security Update for Windows Server 2008 (KB973037)
  • Security Update for Windows XP x64 Edition (KB973039)
  • Security Update for Windows Server 2008 x64 Edition (KB973037)
  • Security Update for Windows XP (KB973039)
  • Security Update for Windows Server 2003 x64 Edition (KB973039)
  • Security Update for Windows Server 2003 (KB973037)
  • Security Update for Windows Server 2003 (KB973039)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-066.mspx


MS09-065
Severity Rating: Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Description:

This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB969947)
  • Security Update for Windows XP (KB969947)
  • Security Update for Windows Server 2003 x64 Edition (KB969947)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB969947)
  • Security Update for Windows Server 2003 (KB969947)
  • Security Update for Windows 2000 (KB969947)
  • Security Update for Windows Server 2008 x64 Edition (KB969947)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB969947)
  • Security Update for Windows Vista for x64-based Systems (KB969947)
  • Security Update for Windows Server 2008 (KB969947)
  • Security Update for Windows Vista (KB969947)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-065.mspx


MS09-064
Severity Rating: Critical
Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. This security update is rated Critical for Microsoft Windows 2000.

Included Updates:

  • Security Update for Windows 2000 (KB974783)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-064.mspx


MS09-063
Severity Rating: Critical
Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Description:

This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.

Included Updates:

  • Security Update for Windows Server 2008 (KB973565)
  • Security Update for Windows Vista for x64-based Systems (KB973565)
  • Security Update for Windows Vista (KB973565)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB973565)
  • Security Update for Windows Server 2008 x64 Edition (KB973565)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-063.mspx


Note