Safari 4.0.3

Apple have released Safari 4.0.3 for both OSX and Windows;

About Safari 4.0.3 [1]
* Version: 4.0.3
* Post Date: August 11, 2009
* Download ID: DL877
* File Size: 40MB (Leopard) 26MB (Tiger) 27MB (Windows)

This update is recommended for all Safari users and includes improvements to stability, compatibility and security including:
* Stability improvements for webpages that use the HTML 5 video tag
* Stability improvements for 3rd-party plug-ins
* Stability improvements for Top Sites
* Fixes an issue that prevented some users from logging into iWork.com
* Fixes an issue that could cause web content to be displayed in greyscale instead of color

Fixed in Safari 4.0.3 [2]
* CoreGraphics: CVE-2009-2468 (Win)
* ImageIO: CVE-2009-2188 (Win)
* Safari: CVE-2009-2196 (Mac & Win)
* Webkit: CVE-2009-2195, CVE-2009-2200, CVE-2009-2199 (Mac & Win)

Products Affected
Product Security, Safari 4 (Windows), Safari 4 (Mac OS X 10.5), Safari 4 (Mac OS X 10.4)

LINKS:
[1] Safari 4.0.3 (2009-Aug-11) [Apple]
[2] About the security content of Safari 4.0.3 (2009-Aug-11) [Apple]

CRP09-048

Patch Tuesday Wednesday (AUG-2009)

This month we have 9 new security bulletins, a restart will be required.

This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS09-036	970957	Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service	Denial of Service	Imortant	Microsoft Windows, Microsoft .NET Framework
MS09-037	973908	Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS09-038	971557	Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS09-039	969883	Vulnerabilities in WINS Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS09-040	971032	Vulnerability in Message Queuing Could Allow Elevation of Privilege	Elevation of Privilege	Imortant	Microsoft Windows
MS09-041	971657	Vulnerability in Workstation Service Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
MS09-042	960859	Vulnerability in Telnet Could Allow Remote Code Execution	Elevation of Privilege	Important	Microsoft Windows
MS09-043	957638	Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, Microsoft BizTalk Server
MS09-044	970927	Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows, Remote Desktop Connection Client for Mac

For this month:
A multitude of vulnerabilities allowing random code execution.

PATCH NOW:
NOW: MS09-037, MS09-038, MS09-040, MS09-043, MS09-044

LINKS:
[1.] August 2009 Bulletin Release (2009-Aug-11) [MS: MSRC]
[2.] Microsoft August 2009 Black Tuesday Overview (2009-Aug-11) [SANS]
[3.] Microsoft Security Bulletin Summary for August 2009 (2009-Aug-11) [MS]
[4.] Microsoft security updates for July 2009 (2009-Aug-11) [MS]
[5.] MS09-039: More information about the WINS security bulletin (2009-Aug-11) [MS: SR&D]
[6.] MS09-037: Why we are using CVE’s already used in MS09-035 (2009-Aug-11) [MS: SR&D]
[7.] MS09-035: ASP.NET Denial-of-Service vulnerability (2009-Aug-11) [MS: SR&D]

CRP09-046, CRP09-047