Microsoft Security Bulletin for October 2009


The table below lists the Microsoft vulnerabilities for October.
| MS Bulletin Number | Microsoft Bulletin Title | Severity | Impact of Vulnerability | Affected Software | CVE ID |
|---|---|---|---|---|---|
| MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) | Critical | Remote Code Execution | Microsoft Windows | CVE-2009-2526, CVE-2009-2532, CVE-2009-3103 |
| MS09-051 | Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) | Critical | Remote Code Execution | Microsoft Windows | CVE-2009-0555, CVE-2009-2525 |
| MS09-052 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) | Critical | Remote Code Execution | Microsoft Windows | CVE-2009-2527 |
| MS09-053 | Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) | Important | Remote Code Execution | Microsoft Windows | CVE-2009-2521, CVE-2009-3023 |
| MS09-054 | Cumulative Security Update for Internet Explorer (974455) | Critical | Remote Code Execution | Microsoft Windows, Internet Explorer | CVE-2009-1547, CVE-2009-2529, CVE-2009-2530, CVE-2009-2531 |
| MS09-055 | Cumulative Security Update of ActiveX Kill Bits (973525) | Critical | Remote Code Execution | Microsoft Windows | CVE-2009-2493 |
| MS09-056 | Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) | Important | Spoofing | Microsoft Windows | CVE-2009-2510, CVE-2009-2511 |
| MS09-057 | Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) | Important | Remote Code Execution | Microsoft Windows | CVE-2009-2507 |
| MS09-058 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) | Important | Elevation of Privilege | Microsoft Windows | CVE-2009-2515, CVE-2009-2516, CVE-2009-2517 |
| MS09-059 | Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) | Important | Denial of Service | Microsoft Windows | CVE-2009-2524 |
| MS09-060 | Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) | Critical | Remote Code Execution | Microsoft Office | CVE-2009-0901, CVE-2009-2493, CVE-2009-2495 |
| MS09-061 | Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) | Critical | Remote Code Execution | Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight | CVE-2009-0090, CVE-2009-0091, CVE-2009-2497 |
| MS09-062 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) | Critical | Remote Code Execution | Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft SQL Server, Microsoft Developer Tools, Microsoft Forefront | CVE-2009-2500, CVE-2009-2501, CVE-2009-2502, CVE-2009-2503, CVE-2009-2504, CVE-2009-2518, CVE-2009-2528, CVE-2009-3126 |


Threat Remediation


Fortinet provides coverage for the following Microsoft vulnerabilities from October 2009.

| CVE Number | Signature Name |
|---|---|
| CVE-2009-2526 | MS.SMBv2.Infinite.Loop.DoS |
| CVE-2009-2532 | MS.SMB2.Negotiation.Handler.Code.Execution |
| CVE-2009-3103 | MS.SMB2.Negotiation.Handler.Code.Execution |
| CVE-2009-0555 | MS.Windows.Media.Runtime.Voice.Sample.Rate.Code.Execution |
| CVE-2009-2525 | MS.Windows.Media.Runtime.Voice.Sample.Rate.Code.Execution |
| CVE-2009-2527 | MS.Windows.Media.Player.Code.Execution |
| CVE-2009-2521 | MS.IIS.FTP.NLST.DoS |
| CVE-2009-3023 | MS.IIS.FTP.NLST.Remote.Code.Execution |
| CVE-2009-1547 | MS.IE.Deflate.Content.Code.Execution |
| CVE-2009-2530 | MS.IE.Event.Object.Code.Execution |
| CVE-2009-2531 | MS.IE.Table.Layout.Code.Execution |
| CVE-2009-2510 | MS.Windows.X509.CN.Spool |
| CVE-2009-2511 | MS.Windows.X509.OID.Spool |
| CVE-2009-2507 | MS.Indexing.Service.Memory.Corruption |
| CVE-2009-2524 | MS.Windows.LSASS.NTLM.Authentication.DoS |
| CVE-2009-0901 | MS.DirectX.MsVidCtl.ActiveX.Control.Access |
| CVE-2009-2493 | MS.ATL.Object.Type.Mismatch.Code.Execution |
| CVE-2009-2500 | MS.Windows.GDI+.WMF.Integer.Overflow |
| CVE-2009-2501 | MS.Windows.GDI+.PNG.Heap.Overflow |
| CVE-2009-2502 | MS.GDIPlus.TIFF.Code.Execution |
| CVE-2009-2503 | MS.GDIPlus.Multiple.Run.Length.Zero.Code.Execution |
| CVE-2009-2518 | Bitmap.Header.BiClrUsed.Integer.Overflow |
| CVE-2009-2528 | MS.Office.Art.Drawing.Remote.Code.Execution |
| CVE-2009-3126 | PNG.Image.Integer.Overflow |

For more information on new and enhanced signatures, visit the IPS Service Update History. If you require more information, contact the FortiGuard Team using our Contact Us web page.


Document History


| Revision Date | Version Number | Description |
|---|---|---|
| Tuesday, October 13, 2009 | 1 | Initial Documentation. |

