"This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days. In fact, as we discussed in the advance notification blog post last week, two of those are under active attack and were discussed in security advisories which are being replaced with the release of these bulletins."
You may also want to watch the video presentation by Jerry Bryant and Adrian Stone at the MSRC Blog where they provide a little more discussion on risk and impact concerning this month’s bulletins and Security Advisory 973472.
Following is general information regarding the updates:
Critical:

MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003

MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008

MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP, Windows Server 2003

Important:

MS09-030 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Publisher 2007

MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Internet Security and Acceleration Server 2006

MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC 2004, Virtual PC 2007, Virtual Server 2005

Summaries for the July bulletins may be found at http://www.microsoft.com/technet/security/bulletin/MS09-Jul.mspx.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...