Microsoft Patches its Windows and Office Products – Patch Tuesday, November 2009


Microsoft has released six new security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines.  Three of the six bulletins are rated “critical,” meaning they can be used to launch remote code execution or worm attacks without any user action.  One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser.

Security bulletins are released monthly to resolve critical problem vulnerabilities. This article provides you with an overview of the new security bulletins being released on November 10, 2009.  

Bulletin ID Bulletin Title Max Severity Vulnerability Impact Restart Requirement Affected Software*
MS09-063 Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) Critical Remote Code Execution Requires restart Microsoft Windows Vista and Windows Server 2008
MS09-064 Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) Critical Remote Code Execution Requires restart Microsoft Windows 2000 Server
MS09-065 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) Critical Remote Code Execution Requires restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
MS09-066 Vulnerability in Active Directory Could Allow Denial of Service (973309) Important Denial of Service Requires restart Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008
MS09-067 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) Important Remote Code Execution May require restart Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
MS09-068 Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) Important Remote Code Execution May require restart Microsoft Office Word 2002, Word 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Office Word Viewer, and Office Word Viewer 2003

* The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin via the link in the left column and navigate to the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx