Microsoft Updates

Overview of the March 2009 Microsoft patches and their status. 1 critical and 2 important updates

MS09-006 Multiple input validation vulnerabilities in the windows kernel allow random code execution though the GDI component (WMF and EMF files yet again), and privilege escalations that allow random code to be run in kernel mode. Replaces MS08-061.

MS09-007 Secure Channel (SChannel) implements SSL and TLS. When using client certificates (X.509) the server implementation fails to properly validate that the client has access to the private key and allows impersonation using only knowledge of the public key of the client. Replaces MS07-031.

MS09-008 Multiple vulnerabilities in the DNS and WINS server implementation. DNS spoofing is made easier by allowing a more predicable transaction ID, possible causing DNS cache poisoning. The update also fixes the problem with WPAD (Web Proxy Auto Discovery) a DNS. A similar problem is fixed for WINS with the WPAD and ISATAP (IPv6: Intra Site Automatic Tunnel Addressing Protocol) names Replaces MS08-037, MS08-034 and MS08-066.