
July 14th, 2009

MS Patch Tuesday: 9 bulletins, 6 rated critical

Posted by Ryan Naraine @ 11:20 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Microsoft, Patch Watch, Research, Responsible disclosure, Viruses and Worms, Vulnerability research

Tags: Vulnerability, Microsoft Corp., Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Microsoft today released six bulletins with fixes for at least nine documented security vulnerabilities in a range of products that put users at risk of malicious hacker attacks.

At least two of the vulnerabilities are currently being attacked in the wild so it’s imperative that Windows users and administrators treat these patches with the highest possible priority.

Of the six bulletins in the July batch of patches, three are rated “critical,” Microsoft’s highest severity rating.

[ SEE: Dangerous Microsoft DirectX vulnerability under attack ]

They are:

  • MS09-029: This covers two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. Rated “critical” for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
  • MS09-028: This update fixes three separate vulnerabilities (one publicly disclosed and under attack!) in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file.
  • MS09-032: This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer that uses the ActiveX control. This vulnerability is currently being exploited in the wild! Rated “critical” for all supported editions of Windows XP and “moderate” for all supported editions of Windows Server 2003.

Three other bulletins were issued to cover a solitary bug (rated “important”) in Microsoft Virtual PC and Microsoft Virtual Server; a privilege escalation issue in Microsoft Internet Security and Acceleration (ISA) Server 2006; and a remote code execution hole in Microsoft Office Publisher.

It’s important to keep in mind that another ActiveX control vulnerability has been confirmed by Microsoft but is not yet patched. This is also being exploited in the wild.

Microsoft has shipped a Fix it tool to assist users in mitigating the risks associated with this vulnerability.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.



