March 2009 Microsoft Security Bulletins

Filed Under: SophosLabs, Vulnerability

After several high profile vulnerabilities discovered for Microsoft products in February, with Internet Explorer vulnerability described in MS09-002 and Excel vulnerability described in (968272) being actively exploited in the wild, March brings a single vulnerability rated as Critical with a potential to cause remote code execution MS09-006.

MS09-009 fixes three separate kernel issues with the most serious one, described by CVE-2009-0081, in kernel part of GDI, which allows an attacker to create a maliciously formated graphics file and exploit it remotely.

Colleagues at the Microsoft Security Response Centre have published an interesting video containing the relevant information and details of Exploitability Index of the vulnerabilities disclosed in March Security Bulletins.

SophosLabs have created a vulnerability analysis for MS09-006, since this is the only vulnerability that might be used by malicious programs and updated our Latest Vulnerabilities page.

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.