Microsoft Security Advisories

	Microsoft_Security_Advisory_Notification_for May 3, 2009
	Microsoft_Security_Advisory_Notification_for February 25, 2009
	Microsoft_Security_Advisory_Notification_for_February_2009
	Microsoft_Security_Bulletin_Advance_Notification_for_January_2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: April 29, 2009
********************************************************************

Security Advisories Updated or Released Today ==============================================

* Microsoft Security Advisory (960715)
- Title: Update Rollup for ActiveX Kill Bits
- http://www.microsoft.com/technet/security/advisory/960715.mspx
- Revision Note: V1.1 (April 29, 2009): Added an entry to
Frequently Asked Questions to communicate that users with
Windows Server 2008 Server Core installation do not need to
install this update.

Other Information
=================

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, security bulletins, security advisories, or install security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.0 (Build 397)
Charset: utf-8

wsFVAwUBSflGNGA17vDdGxdTAQglahAAz9JpMlxM4/S0AGl9wCJkPiNaTUiRBquD
9yZi+Sz0FxMVVNfsbZBysUxRi/9sfmWbEque5udjytVKQepmQso4ILTkGFgsrV1u
YtXGy29IUW1ry9Yu4BatzomWn99j1fn7asH0ucEejgUaYTI5Aluo/PWckk6AH2z8
7GML6I5r6fzGT4zA42X2JVkdyjXkg0NRs5nGfEOVXAu1jUsLMUOnw9UFKV9eZnYj
/tBJcslMSF/kTCNEXMsGGMLSnxQQBRnZoCRt5O+MqH3+KEn3CuNEky9NYihDL9lR
2EbHK2+4XTyfXDPAjh08wBeU84yx+5g7l/TY4GTRHMqBQMwwwRFEmifLh0kqqlFU
/gjyt3LKvv1hAjkzX15qsINxNmNFfSB676e+Uv2vIWDby/IC+p2gZob4oJKvvUli
IXYsAUHXl0n4oqtibhg3UPGeoVuHahuBmFv4VaHmeOfQTwVDBzbbFBQFyUcm7+XX
jg1M2Rt0upg37Ji+Wp7aBwjDtsF7aRAZp9MRwIpc66cvLLOgK0q5R8YdFFjbvOGE
wAoUZuR6gkBoP68wGIASTa4E7rWa7oS1o85ijjB/EupxLMjvRwJD6mvhTeDk3EEM
ycOEM7w8X0a5R20/c9hMNDfSL8CsAcbqk74ir+hPieCMmXKT8IQbjYoX9LmcTHOA
85pYJk20yqQ=
=RAXW
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 24, 2009
********************************************************************

Security Advisories Updated or Released Today ==============================================

* Microsoft Security Advisory (968272)
- Title: Vulnerability in Microsoft Office Excel
Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/968272.mspx
- Revision Note: Advisory published
* Microsoft Security Advisory (967940)
- Title: Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
- Revision Note: Advisory published

Other Information
=================

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.0 (Build 397)
Charset: utf-8

wsFVAwUBSaQ7TWA17vDdGxdTAQioCQ/9GYFzIkwSC+ZOKhs/Gil20QFONAc+T778
sCfhmxnac7gWfSd5Q+iw6MqO9soMKtUJwBhNrX9Lj7DBUQN7bbvS0GkZHVsafXUY
oOk5MRiLcX8yBZP9xY5NfUTaJPoI2ddMWqsxe2La8VIpSf7n4BDL5oOqNaAf11uC
ZNOfoIo6f/RSYXUGGG2EnrfIS9/7kGljicjwzQWlZRTtm8iTdO3SoLCBRldSt57M
BPvKl/PD1jwf0Nr+T8tpGSmztHPHu0x6e7jsZBwGX0sEHZS+Amzbgfx7JRqWCARf
6elRMLrT+IOIaF+MdYZvq5I3xawQDClbnXDIvQ1uKhHB4uVs0hGHDYOeiXin06Gi
/8g7LxEI+xOvRV61CPONI4EvMDl9ZtOwqfhEkoo4Jmk6v6tUEPeGevBiS4dGxsBE
eIIOm+YS58iGYLIzhFmQAsskesnUbRDbhuEeIlE2bgUww701YlEeVaG8NwBNBvGs
TKt38DsJbGi/DGA+/WR/XvVjbrLCIKZeTUXSbQbNBJ8ohswNFbMn+1KIxeJByA80
1D+yH/C0L0cbj71DJqw/mSWssuFavYp0KG6UjtYHps6dLBRK2gsrBkAY2HoxCfkY
L43SKT5dEETtCPaXzlMSEDp8GeoroiXhKiE3LtPzdt96u2MuhQPrs676N42oGq57
GeC8Frid7t0=
=nNMW
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification for February 2009
Issued: February 10, 2009
********************************************************************

Security Advisories Updated or Released Today ==============================================

* Microsoft Security Advisory (961040)
- Title: Vulnerability in SQL Server Could Allow
Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/961040.mspx
- Revision Note: V2.0 (February 10, 2009): Advisory updated
to reflect publication of security bulletin.
* Microsoft Security Advisory (960715)
- Title: Update Rollup for ActiveX Kill Bits
- http://www.microsoft.com/technet/security/advisory/960715.mspx
- Revision Note: Advisory published.

Other Information
=================

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.0 (Build 397)
Charset: utf-8

wsFVAwUBSZHuTWA17vDdGxdTAQj6zg//WrSxGUPUBWNi0EzjwDxAkdgGSkGphhk1
UeoQHsgUusWwuGeRGIiAPQUkJzfvwhx9escwPLNSm3N287Qy1z0aEVnMDKTGOE2+
7YaFS66B7oDHqVxWx1lGI9oFtgaohSqT6i1F9MlR9MwPp93C3QWodcFvG19d8mEt
TIAP8rsFVvjCDsKw8DsLXWMGpUfF4QUsSPWDvBIN1wa8O7dGmTlIuzBRk4LvKl55
Pi1/lQZZIZfGDjOnHKH5WzkQx32sayyoS2JoVLEsiTwY/BwJwyfg2LwE3A9sS6En
6GF157YAP/IT4k8DFiWQl/pPcHqCHqijgzRE2UyQcvJMDczIUUE9IAn/VNYiJ7Te
/YnC/cJ1WSyqC52YElN6O/6fK46VLu+pEHi5LmiIRVxlxmEro5aWVKjyVMO6zVAN
IWth8iK79n7VDTxHRSXHqg31EZwzo4b9ZHckfelTJx0dNBjzyBovr78tCdMWaZbq
ZOphp0BU7pSMlXVfD76PNra/QkO+HIk1x97YDLZNyzoKiY2QJm4tXFxXnDhB5XKZ
E07moWdxq061mZyyndngE3oQUnHk8iDpyT936c/j+Iiaic9UWCyyU4OBRpyEyv5i
2/HQvFvtxpxh1I5K6fHy3VuE5IJGnrsR0MA5NUlFIfjdrFJLFh4Enz74dF5E9j+6
7+TKSWvvqhI=
=RWbn
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Microsoft Security Bulletin Advance Notification for January 2009
Issued: January 8, 2009
********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on January 13, 2009.

The full version of the Microsoft Security Bulletin Advance Notification for January 2009 can be found at http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx.

This bulletin advance notification will be replaced with the January bulletin summary on January 13, 2009. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on these bulletins on Wednesday, January 14, 2009, at 11:00 AM Pacific Time (US & Canada). Register for the January Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides the software subject as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins
============================

Windows Bulletin

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

Other Information
=================

Microsoft Windows Malicious Software Removal Tool:
==================================================
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:
========================================================
For information about non-security releases on Windows Update and Microsoft update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content.
Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
Revised, and Released Updates for Microsoft Products Other Than
Microsoft Windows

Microsoft Active Protections Program (MAPP) ===========================================
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed at http://www.microsoft.com/security/msrc/mapp/partners.mspx.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.0 (Build 397)
Charset: utf-8

wsFVAwUBSWY1P2A17vDdGxdTAQj9Kw//VEAgoAdytgkKTNfOh7BW2RLoie1HnjW+
9NYOtAIma+w6O0sPLbXMQOKkdJj8b3DKoXRkFco/KSjlPCyzuL4j+LTQcavot7tv
W/hVZ7ae+zGwg8JvrLVH0fr45BbIv5RTQ/yqSfvcJSWnpMOS4yY+EROMT1c0YmMH
IH1IQgo9nfX6yt/R7pSs+a1GKQi1r7IOvE84zLK7kE8JjHz4JHEiUzH8UHIbXvEs
4WjmjJOgQpPeR5gjBBQnNsRMDPgcVrvLNtfvjNHFsgen8uH/JQrJPeTJ8ufDEF1X
MqRNjOCtdbE6Of+bi5IV6Emlxb32McGFG9Gi1rR+Wkv3lfVd/k3x3zvsMUiN7sJu
NdmGih3wjoWut7Dta7lti4j3hwVPQYG6D3tcg/33Bg1oIfIZJLWoXE1WAQ8elOYs
TlvrThMpznKxj5g0ixZbKqf/4o0cXJDVgcFWNJScYw3/GoO7L7H5qkX7cHgjOxZX
+Tf18i/VVZPpojDO+QKNbpdH68saUr34/R/NUDHOsFFhTUvX6Dh88GtealCSzmyL
g9wSIGrgA9zS4frEiV+x/jvg71WsMIwOn7CsxJdCIhuExDIXSePUMczocAbhU9i/
xrYuwqN4GSUd+vswn0n4Lcn7+nCXhIkYolNdCnnsiD+3IPbd5IxG89VyNv/19u5V
SykNrQT3XGE=
=kSrk
-----END PGP SIGNATURE-----