Tuesday, July 14, 2009

July 2009 Microsoft Security Bulletin Release

Microsoft released six security updates for July. As Jerry Bryant explained at the MSRC Blog,
"This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days. In fact, as we discussed in the advance notification blog post last week, two of those are under active attack and were discussed in security advisories which are being replaced with the release of these bulletins."
You may also want to watch the video presentation by Jerry Bryant and Adrian Stone at the MSRC Blog where they provide a little more discussion on risk and impact concerning this month’s bulletins and Security Advisory 973472.

Following is general information regarding the updates:

Critical:

MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003
MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP, Windows Server 2003
Important:

MS09-030 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Publisher 2007
MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Internet Security and Acceleration Server 2006
MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC 2004, Virtual PC 2007, Virtual Server 2005

Summaries for the July bulletins may be found at http://www.microsoft.com/technet/security/bulletin/MS09-Jul.mspx.






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: