Advance Notice: July 2009 MSRC Security Bulletin

As part of the monthly security bulletin release cycle, Microsoft provides advance notification on the number of new security updates being released, the products affected, the aggregate maximum severity, and information about detection tools relevant to the update.

On July 14, 2009 Microsoft is planning to release six new security bulletins. Below is a summary in order of severity. The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here at http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx.

Jerry Bryant provided important clarification regarding two of the pending Windows updates at the MSRC Blog in July 2009 Advance Notification:

"First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the mean time, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890)."

Bulletin ID: Windows 1

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008

Bulletin ID: Windows 2

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003

Bulletin ID: Windows 3

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP, Windows Server 2003

Bulletin ID: VPC/VS

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC 2004, Virtual PC 2007, Virtual Server 2005

Bulletin ID: ISA

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Internet Security and Acceleration Server 2006

Bulletin ID: Publisher

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Publisher 2007

Although Microsoft does not anticipate any changes, the number of bulletins, products affected, restart information, and severity of the bulletins are subject to change until released.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...