Patch Tuesday Wednesday (JUL-2009)

This month we have 6 new security bulletins, a restart will be required.

In total, we are addressing nine vulnerabilities this month. All of these vulnerabilities have an Exploitability Index rating of “1” except for the single vuln being addressed in the Virtual PC bulletin, MS09-033 which is rated a “2”. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS09-028	971633	Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS09-029	961371	Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS09-030	969516	Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Office
MS09-031	970953	Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege	Elevation of Privilege	Important	Microsoft ISA Server
MS09-032	973346	Cumulative Security Update of ActiveX Kill Bits	Remote Code Execution	Critical	Microsoft Windows
MS09-033	969856	Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege	Elevation of Privilege	Important	Virtual PC, Virtual Server

For this month:
A multitude of vulnerabilities allowing random code execution.

PATCH NOW:
NOW: MS09-028, MS09-032

LINKS:
[1.] July 2009 Bulletin Release (2009-Jul-14) [MS: MSRC]
[2.] Microsoft July Black Tuesday Overview (2009-Jul-14) [SANS]
[3.] Microsoft Security Bulletin Summary for July 2009 (2009-Jul-14) [MS]
[4.] Microsoft security updates for July 2009 (2009-Jul-14) [MS]
[5.] Microsoft Patch Disclosure – July 2009 (2009-Jul-14) [eEye]
[6.] MS09-033: The Virtual PC vulnerability is not a VM breakout issue (2009-Jul-14) [MS: SR&D]
[7.] MS09-031: More information about the ISA issue (2009-Jul-14) [MS: SR&D]
[8.] MS09-029: Vulnerabilities in the EOT parsing engine (2009-Jul-14) [MS: SR&D]

CRP09-030