JPCERT-AT-2009-0007
                                                             JPCERT/CC
                                                            2009-04-15

                  <<< JPCERT/CC Alert 2009-04-15 >>>

                April 2009 Microsoft Security Bulletin
                   (including five critical patches)

             http://www.jpcert.or.jp/at/2009/at090007.txt

I. Overview

  Microsoft has released its security bulletin summary for April 2009,
which contains five security updates with severity rating "Critical".

  A remote attacker could use this vulnerability and execute arbitrary
code.

  For further information about this vulnerability, refer to the
following URLs.

    Microsoft Security Bulletin Summary for April 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx


    [Critical Security Update]

    MS09-009
    Vulnerabilities in Microsoft Office Excel Could Cause Remote Code
      Execution (968557)
    http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

    MS09-010
    Vulnerabilities in WordPad and Office Text Converters Could Allow
      Remote Code Execution (960477)
    http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx

    MS09-011
    Vulnerability in Microsoft DirectShow Could Allow Remote Code
      Execution (961373)
    http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx

    MS09-013
    Vulnerabilities in Windows HTTP Services Could Allow Remote Code
      Execution (960803)
    http://www.microsoft.com/technet/security/bulletin/ms09-013.mspx

    MS09-014
    Cumulative Security Update for Internet Explorer (963027)
    http://www.microsoft.com/technet/security/bulletin/ms09-014.mspx




II. Solution

  Use means such as Microsoft Update or Windows Update to apply the
security update immediately.

    Microsoft Update
    https://update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/


III. References

    Microsoft Security Bulletin Summary for March 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx

    US-CERT Technical Cyber Security Alert TA09-104A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA09-104A.html

    US-CERT Vulnerability Note
    http://www.kb.cert.org/vuls/byid?searchview&query=ms09-apr


  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602