Download March 2009 Security Release ISO Image for Vista SP1 and XP SP3
In fact, for all supported versions of Windows
The Security Releases ISO Image for March 2009 is available for download, offering all the security bulletins released by Microsoft for all supported versions of the Windows platform just a couple of days ago through Windows Update, Microsoft Update and Automatic Updates. The DVD5 ISO image file brings to the table patches for no less than eight security vulnerabilities that the software giant resolved on March 10, but packaged to contain multiple individual language versions of each security update, according to Microsoft. The ISO allows for multiple security updates to be downloaded as a single package for all the localized versions of Windows, including Windows Vista SP1 and Windows XP SP3, but also Windows Server 2003 and Windows Server 2008.
“Of the eight vulnerabilities, only one is rated “Criticalâ€â€”a remote code-execution vulnerability affecting the Windows kernel. This is a fairly serious issue, because a successful exploit will result in a complete compromise of the affected computer. The remaining issues, all rated “Importantâ€, affect the Windows kernel, SChannel, and Windows WINS and DNS servers,†revealed Symantec’s Robert Keith.
The March 2009 Security Release ISO Image contains no less than four bulletins, namely MS09-006, MS09-008, MS09-007, and MS08-052. Microsoft has also included MS08-052 with this release of the ISO image, because it revised the contents on March 10. Of course, MS09-006, considered Critical because it can allow an attacker to perform remote code execution in the eventuality of a successful exploit, should be at the top of every patch priority list.
“A remote code-execution vulnerability affects the GDI component of the Windows kernel when handling malformed EMF or WMF files. Remote attackers can exploit this issue by tricking a victim into viewing a specially crafted image; this can occur simply by visiting a malicious web page or viewing a specially crafted email. Successful exploits will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges,†Keith added.