placement for flash

RSS Feed

Subscribe to this feed

Categories

Tags

Archive

View archive statistics

Calendar

Articles by Author

Recent posts

Hackers use a Facebook hoax to plant Rouge AntimalwareRating: 0 / 0
Johnny Depp fake death notice - fake ActiveX codecRating: 3 / 1
Top 10 Chinese cyber attacksRating: 0 / 0

Blogroll

7/15/2009 3:16:00 PM

Microsoft Security Bulletin Summary for July 2009

by Mahran Amona

Microsoft has released a security bulletin for July 2009 to address six vulnerabilities in Microsoft Windows products, three of them are critical. We strongly suggest applying the patches provided by Microsoft for these vulnerabilities.

Critical

Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution
This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely.

The patch and additional information are available here.

Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file.

The patch and additional information are available here.

Cumulative Security Update of ActiveX Kill Bits
This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control.

The patch and additional information are available here.

Important

Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege
This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system.

The patch and additional information are available here.

Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege
This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.

The patch and additional information are available here.

Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

The patch and additional information are available here.

References:
• Microsoft Security Bulletin Summary for March 2009

Be the first to rate this post

Currently 0/5 Stars.
1
2
3
4
5

Tags: security updates, microsoft, vulnerability, exploit, patch

email

Email

Digg this

Digg this

del.icio.us

del.icio.us

Slashdot It!

Slashdot It!

Permalink | Comments (0)

Related posts

Microsoft Security Bulletin Summary for July 2009, Version 2.0Microsoft Security Bulletin Summary for December 2008Microsoft Security Bulletin Summary for February 2009

Comments