Critical holes in all Windows versions closed
The WLAN configuration service problem only affects Vista and Server 2008 (except for the Itanium version). Windows XP is not subject to the network stack vulnerability, while Vista and Server 2008 are not affected by the DHTML hole. Each update package closes at least one security hole, for which Microsoft thinks exploits will likely soon be available.
The FTP server vulnerability in Microsoft IIS 5, 6 and 7 and the denial-of-service hole in the network service for Vista and Windows 7, as anticipated, still remain unpatched. Microsoft's current advisories do not detail the extent to which Windows 7 – already in widespread and productive use – is affected by the vulnerabilities. Users should immediately install these patches.
- Microsoft Security Bulletin Summary for September 2009, Patch details from Microsoft.
- Microsoft warns of vulnerability in Internet Information Services, a report from The H Security.
- Hole in Windows Vista and 7 allows remote reboot, a report from The H Security.