MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260)

This isn't the first time that Microsoft has released an out-of-band patch for Internet Explorer, but they are certainly pretty rare. I'd patch for this one as soon as reasonably possible.

MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260): "Bulletin Severity Rating:Critical - This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

(Via Microsoft Security Bulletins.)

MS09-032 - Critical: Cumulative Security Update of ActiveX Kill Bits (973346)

MS09-032 - Critical: Cumulative Security Update of ActiveX Kill Bits (973346): "Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

(Via Microsoft Security Bulletins.)

MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)

MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371): "Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

(Via Microsoft Security Bulletins.)

MS09-028 - Critical: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)

MS09-028 - Critical: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633): "Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

(Via Microsoft Security Bulletins.)

OSX on a Dell Mini 9

Well, my wife's iBook G4 12" is finally starting to show it's age, so I just joined the netbook craze, settling on a Dell Mini 9. Although there were definitely cheaper alternatives, I got a great deal on the Dell model that included the 32GB SSD and 2GB RAM upgrades which allowed me to use OSX flawlessly. This particular configuration allows for all the functionality that currently plagues most other netbooks when running OSX, particularly the WiFi, built-in Ethernet, sound, and sleep mode. I'm definitely impressed with the build quality and performance. Although both don't match my MacBook Pro, it cost roughly 1/4 the price of it, 1/3 the price of a MacBook and provides all the basic functionality needed for mobile computing. QuickTime movies work well. The upgrade to 10.5.7 went pretty smoothly as there's quite a bit of info on how to do it available online. This install is certainly not for the tech-illiterate, but there's plenty of info available on My Dell Mini. Note that this setup is not endorsed or supported by either Dell nor Apple, and may violate the terms of your EULA, so caveat emptor.