Soft2Secure

ADVANCE NOTIFICATION – April 2009 MSRC Security Bulletin Release

This is the advance notification for the April Monthly Security Bulletin release. On Tuesday 14 April (US time; Wednesday 15th April AU time), MS expect to release the five (5) bulletins rated Critical, two (2) rated Important, and one rated Moderate, affecting Windows, IE, Excel, and ISA Server. Further details are below; no additional information will be released until next week when the bulletins are released to the public.

Important Support Lifecycle Notes for this month:
This is the last security release for Windows 2003 SP1; after 14th April 2009 you must be running Windows 2003 SP2 to remain supported. We will provide 30 days of support for any installation issues on Windows 2003 SP1 for security updates released on 14th April 2009.
Windows XP transitions from Mainstream Support to Extended Support on 14th April 2009. This does NOT change the availability of security updates for Windows XP, which will continue to be publically released until April 2014 (for a supported service pack – currently SP2 and SP3 are deemed supported, until 13 July 2010 when you must be running XPSP3 to remain supported). Note: non-security hotfixes will require a separate agreement, contact me if you need additional information on the Extended Hotfix Support program.

What is the purpose of this alert?
As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity, and information about restart requirements relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

On April 14, 2009, Microsoft is planning to release eight new security bulletins. Below is a summary in order of severity.

New Bulletin Summary

Bulletin ID: Windows 1

• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: Requires restart
• Affected Software: Microsoft Windows, Microsoft Office

Bulletin ID: Windows 2

• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: Requires restart
• Affected Software: Microsoft Windows

Bulletin ID: Windows 3

• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: May require restart
• Affected Software: Microsoft Windows

Bulletin ID: IE

• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: Requires restart
• Affected Software: Microsoft Windows, Internet Explorer

Bulletin ID: Excel

• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: May require restart
• Affected Software: Microsoft Office

Bulletin ID: Windows 4

• Maximum Severity Rating: Important
• Vulnerability Impact: Elevation of Privilege
• Restart Requirement:  Requires restart
• Affected Software: Microsoft Windows

Bulletin ID: ISA

• Maximum Severity Rating: Important
• Vulnerability Impact: Denial of Service
• Restart Requirement: Requires restart
• Affected Software: Microsoft Forefront Edge Security

Bulletin ID: Windows 5

• Maximum Severity Rating: Moderate
• Restart Requirement: Elevation of Privilege
• Restart Requirement: Requires restart
• Affected Software: Microsoft Windows

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities, are subject to change until released.

Advance Notification Web Page: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx.

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Monthly Security Bulletin Webcast: To address customer questions on these bulletins Microsoft will host a Webcast next week Wednesday at 11:00 A.M. Pacific Time (U.S. & Canada). Registration for this event and other details can be found at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

At this time, no additional information on these bulletins, such as details regarding the vulnerability or severity, will be made available until the bulletins are published on Tuesday.

Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative. 0/5 (1)