JPCERT-AT-2009-0011 JPCERT/CC 2009-06-10 <<< JPCERT/CC Alert 2009-06-10 >>> June 2009 Microsoft Security Bulletin (including six critical patches) https://www.jpcert.or.jp/at/2009/at090011.txt I. Overview Microsoft has released its security bulletin summary for June 2009, which contains six security updates with severity rating "Critical". A remote attacker could use this vulnerability to execute arbitrary code. For further information about this vulnerability, refer to the following URLs. Microsoft Security Bulletin Summary for June 2009 http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx [Critical Security Update] MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) https://www.microsoft.com/technet/security/bulletin/ms09-018.mspx MS09-019 Cumulative Security Update for Internet Explorer (969897) https://www.microsoft.com/technet/security/bulletin/ms09-019.mspx MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) https://www.microsoft.com/technet/security/bulletin/ms09-021.mspx MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) https://www.microsoft.com/technet/security/bulletin/ms09-022.mspx MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) https://www.microsoft.com/technet/security/bulletin/ms09-024.mspx MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) https://www.microsoft.com/technet/security/bulletin/ms09-027.mspx A vulnerability in Microsoft DirectShow is yet to be resolved. Please take special precautions until mitigations are released. Microsoft Security Advisory (971778) Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution https://www.microsoft.com/technet/security/advisory/971778.mspx Additionally, resolutions are now available for the following products which were listed in Microsoft's May 2009 security bulletins but were unresolved at the time: Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5 and Microsoft Works 9. MS09-017 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) https://www.microsoft.com/japan/technet/security/bulletin/MS09-017.mspx II. Solution Use means such as Microsoft Update or Windows Update to apply the security update immediately. Microsoft Update https://update.microsoft.com/ Windows Update https://windowsupdate.microsoft.com/ Office Update http://office.microsoft.com/officeupdate/ IV. References Microsoft Security Bulletin Summary for May 2009 https://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx US-CERT Technical Cyber Security Alert TA09-160A Microsoft Updates for Multiple Vulnerabilities https://www.us-cert.gov/cas/techalerts/TA09-160A.html If you have any information you could provide regarding this alert, please contact us. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: 03-3518-4600 FAX: 03-3518-4602 https://www.jpcert.or.jp/