It's Microsoft Patch Tuesday: November 2009

Justin James gathers the information you need to make the right decision on applying Microsoft's November patches in your organization.

This month's actual "Patch Tuesday" items are short and sweet. So why is this month's report so insanely long? Blame it on W7 and 2008R2, but not in a bad way! Microsoft is back-porting a lot of W7/2008R2 functionality to previous versions of Windows, and most of the interim patches are related to this effort. While I applaud Microsoft for doing this and while I understand why they would want to release those items out of band, I think that most systems administrators would rather not see those kinds of items show up until the proper Patch Tuesday.

For information on previous patch Tuesdays, visit the TechRepublic Microsoft Patch Tuesday archives.

Security patches

  • MS09-045/KB975542 - Critical (2000): This patch fixes a remote code execution exploit in Jscript 5.7 on Windows 2000. The patch has been available since December for other versions and other OSs. 718 KB
  • MS09-063/KB973565 - Critical (Vista, 2008): An attacker on the local subnet only could use a specially crafted packet to perform a remote code execution exploit against Vista and 2008. This is a surprising item, in that it affects only Vista and 2008. You will want to get this patch installed immediately, because it requires zero user interaction to trigger it, and the attacker gets full rights from what I can tell. 245 KB - 576 KB
  • MS09-064/KB974783 - Critical (2000): A problem with the License Logging Server on Windows 2000 allows attackers to perform remote code execution exploits against the machine. You should install this patch as soon as you can. 532 KB
  • MS09-065/KB969947 - Critical (XP, 2000, 2003)/Important (Vista, 2008): There are a number of problems with the Windows kernel that allow attackers with carefully crafted fonts to attack the system. On 2000, XP, and 2003, these are remote code execution exploits. On Vista and 2008, these are "merely" escalation of privileges attacks. You should get this patch on your systems as soon as you can. 1.1 MB - 5.6 MB
  • MS09-066/KB973037 - Important (XP, 2000, 2003, 2008): A problem with various active Directory systems allows specially crafted LDAP queries to jam up the Active Directory system on servers. This is a low-priority item, and the patch can wait until your next patch cycle. 800 KB - 5.6 MB
  • MS09-067/KB973593 - Important (Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Converter for Mac, Excel Viewer 2003, Office Compatibility Pack 2007 SP 1 and SP2): A number of problems with various applications that can open Excel files can lead to a remote code execution exploit. The damage is limited on systems with restricted user accounts. Microsoft calls this update "Important," but I feel that you will want to install it immediately, due to the user habit of opening any and every Office file they receive.
  • MS09-068/KB976307 - Important (Office XP, Office 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Converter for Mac, Word Viewer): Similar to the Excel bug above, specially crafted Word documents can be used to perform remote code execution attacks, which may have lower permissions for restricted users. Again, the prevalence of Word files makes this more critical than the potential damage would normally indicate, so install this patch quickly. There is a known issue where Office XP users will need to re-agree to the software terms after installing this update.

Other updates

  • KB943729: 2008R2 and 2008 introduced new Group Policy items for Windows clients; this update makes these policies available to machines running XP and 2003. 700 MB - 890 KB
  • KB960568: This update for Vista and 2008 adds BITS 4.0 functionality, which is used by much of the Windows Management system. 1.4 - 1.9 MB
  • KB968930: Adds PowerShell 2.0 and Windows Remote Management 2.0 (for managing Windows computers via SOAP Web Service calls) to XP, Vista, 2003, and 2008. 6.1 MB - 35.9 MB
  • "The Usual Suspects": Updates to the Malicious Software Removal Tool (9.3 - 9.7 MB) and Junk Email filters. 2.2 MB

Changed, but not significantly: Windows Media Center Update (KB975053).

Updates since the last Patch Tuesday

We did not have any security patches release out of band since the last Patch Tuesday.

There have been a number of minor items added since the last Patch Tuesday:

Changed, but not significantly:

TechRepublic's Windows Vista and Windows 7 Report newsletter, delivered every Friday, offers tips, news, and scuttlebutt on Vista and Windows 7, including a look at new features in the latest version of the Windows OS. Automatically sign up today!


Justin James is the Lead Architect for Conigent.

Editor's Picks