Critical October Security patches

Microsoft today released a huge security patch. This includes 13 fixes out of which 6 updates are given as critical and they have the highest priority.

As we see in the priority list given by Microsoft, half of the security patches has something to do with day to day activities of the users or at worst at the server level.

As a web developer I am really concerned about patches for Internet Explorer, .Net CLR and Silver light. As a normal user the patch for Media Runtime and Media Player interests me, because I download loads of media content.

Below are the critical patches as recommended by Microsoft.

MS09-052	Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-050	Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
MS09-054	Cumulative Security Update for Internet Explorer (974455) This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-061	Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
MS09-062	Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-052	Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Also to check for the missing security updates and misconfigurations we can use Microsoft Baseline Security Analyzer.

For MS09-061 the current vulnerabilities are explained here as follows:

1. The first issue results from the manner in which Microsoft .NET verifiable code is verified, which could allow attackers to obtain a managed pointer to stack memory that is no longer used, leading to arbitrary code execution.
2. The second vulnerability results from the manner in which Microsoft .NET verifiable code is verified, which could allow attackers to bypass a type equality check and execute arbitrary code.
3. The third issue results from the manner in which the Microsoft .NET Common Language Runtime (CLR) handles interfaces, which could allow attackers to execute arbitrary code via a malicious application.