Patch Tuesday – March 11, 2009
Hi folks!!!
It's Patch Tuesday again. This time MS has released 1 critical and 2 important patches.
Details:
1. Microsoft Security Bulletin MS09-006 – Critical
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
The security update addresses the vulnerabilities by validating input passed from user mode through the kernel component of GDI, correcting the way that the kernel validates handles, and changing the way that the Windows kernel handles specially crafted invalid pointers.
Beware of this one. This might be in the wild once publicly disclosed.
http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx?pubDate=2009-03-10
2. Microsoft Security Bulletin MS09-007 – Important
Vulnerability in SChannel Could Allow Spoofing (960225)
This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
The security update addresses the vulnerability by modifying the way that the server parses key exchange data during the TLS handshake.
http://www.microsoft.com/technet/security/bulletin/ms09-007.mspx?pubDate=2009-03-10
3. Microsoft Security Bulletin MS09-008 – Important
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
The security update addresses the vulnerabilities by correcting the way that Windows DNS servers cache and validate queries, and by modifying the way that Windows DNS servers and Windows WINS servers handle WPAD and ISATAP registration.
http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx?pubDate=2009-03-10
Without wasting much time, admins, let's get to work.