Microsoft security bulletin ms09 009

An attacker who exploited the vulnerability when a user views a Web page could view content from the local computer or a browser window in a domain or Internet Explorer zone other than the domain or zone of the attacker's Web page.

Internet Explorer caches data and incorrectly allows the cached content to be rendered as HTML, potentially bypassing Internet Explorer domain restriction. An attacker who successfully exploited this vulnerability could view content from the local computer or browser window in another domain or Internet Explorer zone.

The update modifies the way that Internet Explorer handles cached content. Microsoft received information about this vulnerability through responsible disclosure. A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects.

As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site.

An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. This is a remote code execution vulnerability. When Internet Explorer displays a Web page that contains unexpected method calls to HTML objects, system memory may be corrupted in such a way that an attacker could execute arbitrary code.

If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. I am running Internet Explorer on Windows Server A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

When Internet Explorer attempts to access uninitialized memory in certain situations, it may corrupt memory in such a way that an attacker could execute arbitrary code. The update modifies the way that that Internet Explorer handles objects in memory. When Internet Explorer attempts to access an object that has not been initialized or has been deleted, memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the logged-on user. An attacker who successfully exploited this vulnerability could gain the same user rights as a logged-on user.

The update modifies the way that Internet Explorer handles objects in memory. When Internet Explorer attempts to access uninitialized memory under certain conditions, it may corrupt memory in such a way that an attacker could execute arbitrary code. Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization. Security updates are also available at the Microsoft Download Center.

You can find them most easily by doing a keyword search for "security update. Finally, security updates can be downloaded from the Microsoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs.

By searching using the security bulletin number such as, "MS" , you can add all of the applicable updates to your basket including different languages for an update , and download to the folder of your choosing. For more information, see Microsoft Knowledge Base Article Microsoft Baseline Security Analyzer MBSA allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.

For more information about MBSA 2. For SMS 2. See also Downloads for Systems Management Server 2. See also Downloads for Systems Management Server For more detailed information, see Microsoft Knowledge Base Article : Summary list of monthly detection and deployment guidance articles. Updates often write to the same files and registry settings required for your applications to run.

This can trigger incompatibilities and increase the time it takes to deploy security updates. You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit 5.

The Application Compatibility Toolkit ACT contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.

For information about the specific security update for your affected software, click the appropriate link:. The following table contains the security update information for this software. You can find additional information in the subsection, Deployment Information , in this section. When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

Security updates may not contain all variations of these files. For more information about this behavior, see Microsoft Knowledge Base Article For more information about the installer, visit the Microsoft TechNet Web site. For more information about the terminology that appears in this bulletin, such as hotfix , see Microsoft Knowledge Base Article Note You can combine these switches into one command.

For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information. Because there are several editions of Microsoft Windows, the following steps may be different on your system. If they are, see your product documentation to complete these steps.

You may also be able to verify the files that this security update has installed by reviewing the registry keys listed in the Reference Table in this section. These registry keys may not contain a complete list of installed files. Also, these registry keys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files. Note For supported versions of Windows XP Professional x64 Edition, this security update is the same as supported versions of the Windows Server x64 Edition security update.

When you install this security update, the installer checks to see if one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses. When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Windows hotfix. If you have previously installed a hotfix to update one of these files, the installer will apply the LDR version of this update.

Otherwise, the installer will apply the GDR version of the update. For more information about the installer, see Microsoft Knowledge Base Article Note Because there are several editions of Microsoft Windows, the following steps may be different on your system. Microsoft thanks the following for working with us to help protect customers:.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. Users who have installed and are using the Office Document Open Confirmation Tool for Office will be prompted with Open, Save, or Cancel before opening a document.

Top of sectionTop of section. Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. The compatibility pack is available as a free download from the Microsoft Download Center:. Visit Microsoft Update to install all recommended updates:.

Note On Windows Vista and Windows Server , the commands above will need to be run from an elevated command prompt. Additionally, documents with passwords or that are protected with Digital Rights Management cannot be converted.

Use Microsoft Office File Block policy to block the opening of Office and earlier documents from unknown or untrusted sources and locations. Note Modifying the Registry incorrectly can cause serious problems that may require you to reinstall your operating system.

Microsoft cannot guarantee that problems resulting from incorrect modification of the Registry can be solved. Modify the Registry at your own risk. Note In order to use 'FileOpenBlock' with Office , all of the latest Office security updates must be applied. Note In order to use 'FileOpenBlock' with the Microsoft Office system, all of the latest security updates for the Microsoft Office system must be applied.

What is the scope of the vulnerability? This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs or view, change, or delete data; or create new accounts with full user rights. What causes the vulnerability? The vulnerability exists in the way that Microsoft Office Excel parses the Excel spreadsheet file format that could allow remote code execution when opening a specially crafted Excel spreadsheet.

What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. How could an attacker exploit the vulnerability? This vulnerability requires that a user open a specially crafted Excel spreadsheet with an affected release of Microsoft Office Excel.

In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Excel file to the user and by convincing the user to open the file. In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability.

In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site.

Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site, and then convince them to open the specially crafted Excel file.

What systems are primarily at risk from the vulnerability? Systems where Microsoft Office Excel is used, including workstations and terminal servers, are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this. What does the update do? This update removes the vulnerability by changing the way that Microsoft Office Excel opens specially crafted Excel files.

When this security bulletin was issued, had this vulnerability been publicly disclosed? Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued. This security bulletin addresses the privately disclosed vulnerability as well as additional issues discovered through internal investigations. Thank you!

Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. Didn't match my screen.