Symantec ThreatCON (1) => (2): Microsoft has released the scheduled security bulletins for September. Customers are advised to install the updates as soon as possible.
2009-09-08 18:29
US-CERT: Microsoft Releases September Security Bulletin (US-CERT Current Activity)
Microsoft has released the Microsoft Security Bulletin Summary for September 2009. September's Bulletin includes updates to address multiple vulnerabilities in Microsoft Windows. These vulnerabilities may allow an attacker to execute arbitrary code.
2009-09-08
CERT-FI: CERT-FI Advisory on the Outpost24 TCP Issues; TCP/IP Zero Window Size Vulnerability (CVE-2008-4609, MS09-048)
The vulnerabilities described in this advisory can potentially affect systems and applications that run an implementation of the TCP protocol (RFC 793 et al.). The issues were found by the Sockstress tool developed by Outpost24.
Zero Day Initiative (ZDI): ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability; JScript Remote Code Execution Vulnerability (CVE-2009-1920, MS09-045)
Vulnerability Reported
The specific flaw exists when parsing the JScript keyword "arguments". Because the arguments object is not available until a certain time, invoking it can result in memory corruption. Successful exploitation of this vulnerability can lead to a remote system compromise under the credentials of the current user.
2008-09-12
Recurity Labs GmbH: TCP/IP Orphaned Connections Vulnerability; TCP/IP Orphaned Connections Vulnerability (CVE-2009-1926, MS09-048)
Vulnerability Reported
The TCP/IP stack of the Microsoft Windows XP/Vista operating system is vulnerable to a remote resource exhaustion vulnerability. By taking advantage of this vulnerability, an attacker can cause a connection's Transmission Control Block (TCB) to remain in memory for an indefinite amount of time without the need for the attacker to further maintain the connection's activity.