JPCERT-AT-2009-0013
JPCERT/CC
2009-07-15
<<< JPCERT/CC Alert 2009-07-15 >>>
July 2009 Microsoft Security Bulletin
(including three critical patches)
https://www.jpcert.or.jp/at/2009/at090013.txt
I. Overview
Microsoft has released its security bulletin summary for July
2009, which contains three security update with severity rating
"Critical".
As a result of this vulnerability, a remote attacker could use
this vulnerability to execute arbitrary code.
For further information about this vulnerability, please refer
to the following URLs.
Microsoft Security Bulletin Summary for July 2009
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
[Critical Security Update]
MS09-028
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code
Execution (971633)
http://www.microsoft.com/technet/security/bulletin/ms09-028.mspx
MS09-029
Vulnerabilities in the Embedded OpenType Font Engine Could Allow
Remote Code Execution (961371)
http://www.microsoft.com/technet/security/bulletin/ms09-029.mspx
MS09-032
Cumulative Security Update of ActiveX Kill Bits (973346)
http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx
Included in this update are fixes for both the Microsoft
DirectShow vulnerability reported in May 2009 as well as the
Microsoft Video ActiveX Control vulnerability reported in July
2009.
Additionally, an as-yet unpatched vulnerability has been reported
in Microsoft Office Web Components, allowing for the remote execution
of code. Users are recommended to take extra care while a fix is
prepared. Please see the following Microsoft advisory for further
information:
Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could
Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/973472.mspx
Finally, support for Microsoft Office 2000 finished on 14 July
2009. After this date, fixes for any new security issues that
may emerge will not be released.
II. Solution
Use means such as Microsoft Update or Windows Update to apply the
security update immediately.
Microsoft Update
https://update.microsoft.com/
Windows Update
https://windowsupdate.microsoft.com/
III. References
Microsoft Security Bulletin Summary for July 2009
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
US-CERT Technical Cyber Security Alert TA09-195A
Microsoft PowerPoint Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Patches for vulnerabilities previously being exploited in the wild:
Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could
Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/973472.mspx
Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow
Remote Code Execution
http://www.microsoft.com/technet/security/advisory/972890.mspx
If you have any additional information regarding this alert, please
contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
Top