Microsoft Windows Knowledge Base Article 963093 update is not installed (WinMs09kb963093Update)

Vuln ID: 50778
Risk Level: Low risk vulnerability  Low WinMs09kb963093Update
Platforms: Microsoft Windows XP: SP2, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows XP: SP3, Microsoft Windows Search: 4.0
Description:

Microsoft Knowledge Base Article 963093 is not installed, which could allow a remote attacker to exploit the following vulnerability:

Microsoft Windows Search could provide weaker than expected security, caused by an error in the generation of file previews. By persuading a victim to perform a search that returns a malicious file, a remote attacker could exploit this vulnerability to run arbitrary HTML script code with special permissions that disclose sensitive information.
Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-023. See References.
False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS09-023
Vulnerability in Windows Search Could Allow Information Disclosure (963093)
http://www.microsoft.com/technet/security/bulletin/ms09-023.mspx

IBM Internet Security Systems X-Force Database
Microsoft Windows Search weak security
http://xforce.iss.net/xforce/xfdb/50777

ISS X-Force
Microsoft Windows Knowledge Base Article 963093 update is not installed
http://www.iss.net/security_center/static/50778.php

CVE CVE-2009-0239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0239
X-Force Logo
Know Your Risks		 Mitre.org CVE Logo
Common Vulnerabilties & Exposures