Patch Tuesday is here. From the Microsoft Security Bulletin, there are six security updates. There are two for the Windows operating system, one for the Microsoft Office system, one for the Windows Internet Explorer browser, one for Microsoft ISA Server, and one for Microsoft Virtual PC.
Tuesday, July 14, 2009
Most important I believe is the fix for the Internet Explorer Video Active X exploit. Microsoft Security Bulletin MS09-032 patches this one by setting killbits in IE to stop the exploit before it can do anything.
Here are the specific updates:
MS09-032 - addresses a vulnerability in Microsoft Internet Explorer (KB 973346) - This one is mentioned above with the Video Active X issue.
MS09-028 - addresses a vulnerability in Microsoft Windows (KB 971633) - This addresses vulnerbilities in DirectShow that could allow specially crafted Quicktime files to gain the same rights as the current user. Not good if you are logged in as an admin user, like most people are.
MS09-029 - addresses a vulnerability in Microsoft Windows (KB 961371) - Embedded OpenType Font Engine which could allow your computer to be taken over.
MS09-030 - addresses a vulnerability in Microsoft Office (KB 969516)
MS09-031 - addresses a vulnerability in Microsoft ISA Server (KB 970953)
MS09-033 - addresses a vulnerability in Microsoft Virtual PC (KB 969856)