Microsoft July 09 Patch Tuesday: 6 Security Bulletins
As part of the Patch Tuesday program - which states that Microsoft will roll out updates, patches and fixes for its products every month on the second Tuesday – the Redmond-based software developer plans to address a total of 6 security bulletins this month. The platforms affected by these bulletins are: the Windows operating system, Publisher, Internet Security and Acceleration Server, Virtual PC and Virtual Server.
On behalf of the Microsoft Security Response Center (MSRC), Jerry Bryant explains: “Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:
Three Critical updates affecting Windows.
One Important update affecting Publisher.
One Important update affecting Internet Security and Acceleration (ISA) Server.
One Important update affecting Virtual PC and Virtual Server.”
One of the security issues that Microsoft will address with the July 2009 Patch Tuesday release is the recently reported critical vulnerability affecting the company’s Direct Show Platform. If a person with malicious intent gets you to open a specially crafted QuickTime media file, then said person could perform remote code execution because there is a problem with how QuickTime files are parsed. This issue affects Microsoft DirectShow on Windows 2000, Windows XP and Windows Server 2003; limited attacks have been detected (details here).
One other issue Microsoft will address is the Microsoft Video ActiveX Control vulnerability that when exploited by a person with malicious intent would give the attacker the same user rights as the local user. If you are using Internet Explorer to browse the web, the attacker could perform remote code execution with no user intervention. This issue affects Windows XP and Windows Server 2003 users. In the meantime you are well advised to implement the workaround provided by Microsoft (details here).
“Customers who have already implemented the killbits manually or through the FixIt workaround won’t need to implement next week’s security update, though we recommend that you apply the update to ensure that reporting accurately shows that the systems are fully protected. We’re on track to release the security update next Tuesday. But if you haven’t implemented the killbits already, we recommend that you go ahead and do that to protect yourself against the attacks,” explained a MSRC team member.
On behalf of the Microsoft Security Response Center (MSRC), Jerry Bryant explains: “Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:
Three Critical updates affecting Windows.
One Important update affecting Publisher.
One Important update affecting Internet Security and Acceleration (ISA) Server.
One Important update affecting Virtual PC and Virtual Server.”
One of the security issues that Microsoft will address with the July 2009 Patch Tuesday release is the recently reported critical vulnerability affecting the company’s Direct Show Platform. If a person with malicious intent gets you to open a specially crafted QuickTime media file, then said person could perform remote code execution because there is a problem with how QuickTime files are parsed. This issue affects Microsoft DirectShow on Windows 2000, Windows XP and Windows Server 2003; limited attacks have been detected (details here).
One other issue Microsoft will address is the Microsoft Video ActiveX Control vulnerability that when exploited by a person with malicious intent would give the attacker the same user rights as the local user. If you are using Internet Explorer to browse the web, the attacker could perform remote code execution with no user intervention. This issue affects Windows XP and Windows Server 2003 users. In the meantime you are well advised to implement the workaround provided by Microsoft (details here).
“Customers who have already implemented the killbits manually or through the FixIt workaround won’t need to implement next week’s security update, though we recommend that you apply the update to ensure that reporting accurately shows that the systems are fully protected. We’re on track to release the security update next Tuesday. But if you haven’t implemented the killbits already, we recommend that you go ahead and do that to protect yourself against the attacks,” explained a MSRC team member.
