
July 2009 Microsoft Security Bulletin (including three critical patches)


 

                                                   JPCERT-AT-2009-0013
                                                             JPCERT/CC
                                                            2009-07-15

                  <<< JPCERT/CC Alert 2009-07-15 >>>

                July 2009 Microsoft Security Bulletin
                  (including three critical patches)

             https://www.jpcert.or.jp/at/2009/at090013.txt

I. Overview

    Microsoft has released its security bulletin summary for July
2009, which contains three security updates with a severity rating of
"Critical".

    A remote attacker could exploit these vulnerabilities to execute
arbitrary code.

    For further information about these vulnerabilities, please refer
to the following URLs.

    Microsoft Security Bulletin Summary for July 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx


    [Critical Security Update]

    MS09-028
    Vulnerabilities in Microsoft DirectShow Could Allow Remote Code
    Execution (971633)
    http://www.microsoft.com/technet/security/bulletin/ms09-028.mspx
    
    MS09-029
    Vulnerabilities in the Embedded OpenType Font Engine Could Allow
    Remote Code Execution (961371)
    http://www.microsoft.com/technet/security/bulletin/ms09-029.mspx
    
    MS09-032
    Cumulative Security Update of ActiveX Kill Bits (973346)
    http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx

    Included in this update are fixes for both the Microsoft
DirectShow vulnerability reported in May 2009 and the Microsoft Video
ActiveX Control vulnerability reported in July 2009.
    
    Additionally, an as-yet unpatched vulnerability that allows remote
code execution has been reported in Microsoft Office Web Components.
Users are advised to take extra care while a fix is prepared.  Please
see the following Microsoft advisory for further information:
    
    Microsoft Security Advisory (973472)
    Vulnerability in Microsoft Office Web Components Control Could
      Allow Remote Code Execution
    http://www.microsoft.com/technet/security/advisory/973472.mspx
    
    Finally, support for Microsoft Office 2000 ended on 14 July 2009.
After this date, fixes for any new security issues that may emerge
will not be released.
    

II. Solution

  Apply the security updates immediately using a means such as
Microsoft Update or Windows Update.

    Microsoft Update
    https://update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/


III. References

    Microsoft Security Bulletin Summary for July 2009
    http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx    

    US-CERT Technical Cyber Security Alert TA09-195A
    Microsoft PowerPoint Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA09-195A.html
    
    Patches for vulnerabilities previously being exploited in the wild:

    Microsoft Security Advisory (973472)
    Vulnerability in Microsoft Office Web Components Control Could
      Allow Remote Code Execution
    http://www.microsoft.com/technet/security/advisory/973472.mspx

    Microsoft Security Advisory (972890)
    Vulnerability in Microsoft Video ActiveX Control Could Allow
      Remote Code Execution
    http://www.microsoft.com/technet/security/advisory/972890.mspx
    
  If you have any additional information regarding this alert, please
contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602