Home > Microsoft Security > Ms09-001

Ms09-001

Contents

MS05-014XPe Version 2.x/SP1 builds (.exe file)(3.44 MB)Critical Update: Cumulative Security Update for Internet Explorer (MS05-014) XPe version 2.x builds.01-Nov-2005169. This sets the security level for all Web sites you visit to High. For more information see the TechNet Update Management Center. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements.

Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. What systems are primarily at risk from the vulnerability? This vulnerability requires that a user be logged on and visit a Web site for any malicious action to occur. MS06-002 (908519)XPE - SP2(Jan 2006)(699 KB)MS06-002 (908519) Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution16-Jan-2006142. This is the same as unattended mode, but no status or error messages are displayed.

Ms09-001

MS09-011 (961373)XPE-SP2 (Apr 2009)(1.8 MB)MS09-011 (961373) - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution22-Apr-20095. We recommend that you block all unsolicited incoming communication from the Internet. MS08-058 (956390)XPE-SP2 (Oct 2008)(8.3 MB)MS08-058 (956390) - Cumulative Security Update for Internet Explorer07-Jan-200927. 956391XPE-SP2 (Oct 2008)(622.5 KB)956391 - Cannot Print SSRS 2005 report after installing07-Jan-200928. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements.

HotPatchingThis security update does not support HotPatching. Which of the workarounds should I apply to my system in order to be protected? Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

Click Internet, and then click Custom Level. Ms08-067 To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle. For more information about the Microsoft Update Catalog, see the Microsoft Update Catalog FAQ. https://technet.microsoft.com/en-us/library/security/ms08-dec.aspx For more information about SMS, visit the SMS Web site.

Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. MS05-039~043 ComboSP1 builds (.exe file)(535 KB)Important Update: (-040) Vulnerability in Telephony Service could allow remote code execution. Customers who have already successfully installed both the KB958437 and KB958439 update packages do not need to reinstall. Update Compatibility Evaluator and Application Compatibility Toolkit Updates often write to the same files and registry settings required for your applications to run.

Ms08-067

You’ll be auto redirected in 1 second. https://technet.microsoft.com/en-us/library/security/ms08-045.aspx HTML Component Handling Vulnerability – CVE-2008-2259 A remote code execution vulnerability exists in the way Internet Explorer handles argument validation in print preview handling. Ms09-001 Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. See search results below Top Destinations Download Center Microsoft Store Microsoft Support Microsoft Home Page Microsoft Update Security Essentials PC Hardware PC Gaming All Microsoft Sites oneMscomBlade,oneMscomFooter, results by Microsoft World

For information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387. See also Managing Internet Explorer Enhanced Security Configuration. MS08-069 (955218)XPE-SP2-Rev2 (Jan 2009)(1.6 MB)MS08-069 (955218) - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution24-Feb-200911. MS05-052_xpesp2.exeSP2 builds(5.26 MB)MS05-052 (896688) - Cumulative Security Update for Internet Explorer01-Nov-2005148.

By using SMS, administrators can identify Windows-based systems that require security updates and to perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. You can find them most easily by doing a keyword search for "security update." Notes for Windows Server 2008 *Windows Server 2008 server core installation affected. Microsoft conducted the development and testing of this fix on systems that have been updated with the latest security updates for Windows and Internet Explorer and, for the most stability and MS06-075 (926255)XPE-SP2(Dec 2006)(906.5 KB)MS06-075 (926255) - Vulnerability in Windows Could Allow Elevation of Privilege21-Dec-200693.

For the out-of-band security bulletin added to Version 3.0 of this bulletin summary, MS08-078, Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites.

Click the Security tab.

This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable. In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. This vulnerability is rated critical.

This security update supports the following setup switches. Affected Software and Download Locations How do I use this table? Restart Options /norestart Does not restart when installation has completed. /forcerestart Restarts the computer after installation and force other applications to close at shutdown without saving open files first. /warnrestart[:x] Presents Microsoft Server Software Search Server Bulletin Identifier MS08-077 Aggregate Severity Rating Important Microsoft Search Server Microsoft Search Server 2008 (32-bit editions)*(KB956716)(Important)Microsoft Search Server 2008 (64-bit editions)**(KB956716)(Important) Notes for MS08-077 *Includes Microsoft

If this occurs, you can disable the add-on, or revert the DEP setting using the Internet Control Panel. Inclusion in Future Service Packs The update for this issue will be included in a future service pack or update rollup Deployment Installing without user interventionWindows XP Service Pack 2 and Special Options /overwriteoem Overwrites OEM files without prompting. /nobackup Does not back up files needed for uninstall. /forceappsclose Forces other programs to close when the computer shuts down. /log:path Allows the MS06-057_xpesp2XPE-SP2(Oct 2006)(1.38 MB)MS06-057_xpesp2(923191)16-Oct-2006108.

MS06-011 (914798)SP1 builds(591 KB)Permissive Windows Services DACLs Could Allow Elevation of Privilege15-Mar-2006135. Important Update to correct situation where Windows Shell could allow remote code execution (MS05-008). V3.2 (January 7, 2009): Removed Microsoft Office Word Viewer 2003 from affected software for MS08-072. MS05-001, -002XPe Version 2.x/SP1 builds (.exe file)(1.69 MB)This package will apply Microsoft Security Update KB890175 (MS05-001) and KB891711 (MS05-002) to any XPe SP1 image.

These are the sites that will host the update, and it requires an ActiveX Control to install the update. Note For more information about the wusa.exe installer, see Microsoft Knowledge Base Article 934307. By default, Protected Mode in Internet Explorer 7 and Internet Explorer 8 Beta 2 in Windows Vista and later helps protect users and their systems from malicious downloads by restricting requests By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 run in a restricted mode that is known as Enhanced Security Configuration.

MS08-002(943485)XPE-SP2(Jan 2008)(991.92 KB)MS08-002 (943485) - Vulnerability in LSASS Could Allow Local Elevation of Privilege. File Version Verification Because there are several editions of Microsoft Windows, the following steps may be different on your system. In all cases, however, an attacker would have no way to force users to visit these Web sites.