Nortel: Technical Support: Nortel Response to Microsoft Security Bulletin MS09-014

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Response to Microsoft Security Bulletin MS09-014

Description:	On Tuesday, April 14th, Microsoft released security update MS09-014 - Cumulative Security Update for Internet Explorer (963027). This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. MS09-014 addresses the following CVEs: 1) CVE-2008-2540 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2540) A blended threat remote code execution vulnerability exists in the way that Internet Explorer locates and opens files on the system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 2) CVE-2009-0550 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0550) A remote code execution vulnerability exists in the way that WinINet handles NTLM credentials when a user connects to an attacker's server by way of the HTTP protocol. This vulnerability allows an attacker to replay the user's credentials back to the attacker and to execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 3) CVE-2009-0551 (http://
Type:	Security Advisories
Number:	2009009451, Rev 1
Status:	Retired
Date:	2009-08-17

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel Response to Microsoft Security Bulletin MS09-014 Checksum: 0dd886bbad26ed9ca3baa29bc923d0c8 [MD5]	[pdf]	24329 bytes	English

Associated Products

Application Server 5200

Bulletin temp product

Communication Server 1000 Telephony Manager

Contact Center - Express

Contact Center - Multimedia

Contact Center Manager Administration

Contact Center Manager Server

Contact Center Portfolio

Integrated Access - Cable

Media Processing Server (MPS) 100

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Multimedia Communication Server 5100

Multiservice Data Manager (MDM)

Packet Transit - IP

Periphonics PeriToolsWorkstation

Periphonics Speech Platform

Self-Service Portfolio

Speech and Self-Service

Universal Access - IP

VoIP Infrastructure Solutions

WiMAX Network Management System 5000