"MS09-010
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
This
security update resolves two publicly disclosed vulnerabilities and two
privately reported vulnerabilities in Microsoft WordPad and Microsoft
Office text converters. The vulnerabilities could allow remote code
execution if a specially crafted file is opened in WordPad or Microsoft
Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect
files from untrusted sources using affected versions of WordPad or
Microsoft Office Word.
MS09-013
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
This
security update resolves one publicly disclosed vulnerability and two
privately reported vulnerabilities in Microsoft Windows HTTP Services
(WinHTTP). The most severe vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights. Users whose accounts are configured to
have fewer user rights on the system could be less impacted than users
who operate with administrative user rights.
MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
This
security update resolves a privately reported vulnerability in
Microsoft DirectX. The vulnerability could allow remote code execution
if user opened a specially crafted MJPEG file. An attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with
administrative user rights.
MS09-014
Cumulative Security Update for Internet Explorer (963027)
This
security update resolves four privately reported vulnerabilities and
two publicly disclosed vulnerabilities in Internet Explorer. The
vulnerabilities could allow remote code execution if a user views a
specially crafted Web page using Internet Explorer or if a user
connects to an attacker's server by way of the HTTP protocol. Users
whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user
rights.
MS09-009
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
This
security update resolves a privately reported and a publicly disclosed
vulnerability. The vulnerabilities could allow remote code execution if
the user opens a specially crafted Excel file. An attacker who
successfully exploited these vulnerabilities could take complete
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with
administrative user rights.
MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
This
security update resolves four publicly disclosed vulnerabilities in
Microsoft Windows. The vulnerabilities could allow elevation of
privilege if an attacker is allowed to log on to the system and then
run a specially crafted application. The attacker must be able to run
code on the local machine in order to exploit this vulnerability. An
attacker who successfully exploited any of these vulnerabilities could
take complete control over the affected system.
MS09-016
Vulnerabilities in Microsoft ISA Server and Forefront Threat
Management Gateway (Medium Business Edition) Could Cause Denial of
Service (961759)
This security update resolves a privately
reported vulnerability and a publicly disclosed vulnerability in
Microsoft Internet Security and Acceleration (ISA) Server and Microsoft
Forefront Threat Management Gateway (TMG), Medium Business Edition
(MBE). These vulnerabilities could allow denial of service if an
attacker sends specially crafted network packages to the affected
system, or information disclosure if a user clicks on a malicious URL
or visits a Web site that contains content controlled by the attacker.
MS09-015
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
This
security update resolves a publicly disclosed vulnerability in the
Windows SearchPath function that could allow elevation of privilege if
a user downloaded a specially crafted file to a specific location, then
opened an application that could load the file under certain
circumstances."
To ensure you're protected run windows update. Additional information can be found at Microsoft's Advisory below.
Microsoft Advisory: http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx
