As is custom over at Microsoft, today for Patch Tuesday the MSRC (Microsoft Security Research Center) released it’s August 2009 Microsoft Security Patches.  9 Security updates in total. Although a few of the updates fix the standard issues (IE: Go to an infected website and possibly get infected with Malicious code/virus), there are a few I feel are worth a mention to you groovyReaders.  Here’s a quick summary of what I found interesting this month:  

MS09-044 – This is a new type of exploit involving the Popular Remote Desktop Client.  Not very interesting however because you would need to visit an infected server in order for the exploit to take advantage of a hole in the RDP client.MS09-038 – Ok now were getting more interesting.  In MS09-038 all you need to do is open a malicious AVI file.  Much more likely being that you can email and share .AVI files with friends and family.MS09-041 – Now things are getting scary.  MS09-041 should scare corporate IT teams.  This patch fixes an issue where an attacker could send a malicious network packet to a PC or Server and take complete control of the system.  Very bad since the payload could be delivered VIA email or some other method then spread quickly throughout the environment like a worm.  Very nasty.  Hopefully, your Corporate IT guys have firewalls enabled for all their desktops, and their servers are segmented off the “Standard” user network.  The good news is it would have to be an internal attack. However, like I said, these days it’s not impossible to get something executed internally.MS09-036 – Another bad one.  If you have Windows Server 2008 running IIS 7 on the Internet, your website MIGHT be vulnerable to a Denial of Service attack (DOS.)  Best to have your web guys take a look at the bulletin and determine your vulnerability level.

  All the details regarding ALL the security updates can be found here: http://www.microsoft.com/technet/security/bulletin/MS09-aug.mspx       Thank fully, Microsoft is responsible and still releases Security updates for all these old operating systems. Comment

Δ