Microsoft Plugs Critical Windows, IE Vulnerabilities
Microsoft today released six bulletins with fixes for at least nine documented security vulnerabilities in a range of products that put users at risk of malicious hacker attacks.
At least two of the vulnerabilities are currently being attacked in the wild, so it's imperative that Windows users and administrators treat these patches with the highest possible priority.
Of the six bulletins in the July batch of patches, three are rated "critical," Microsoft's highest severity rating.
They are:
- MS09-029: This covers two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. Rated "critical" for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
- MS09-028: This update fixes three separate vulnerabilities (one publicly disclosed and under attack!) in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file.
- MS09-032: This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer that uses the ActiveX control. This vulnerability is currently being exploited in the wild! Rated "critical" for all supported editions of Windows XP and "moderate" for all supported editions of Windows Server 2003.
Three other bulletins were issued to cover a solitary bug (rated "important") in Microsoft Virtual PC and Microsoft Virtual Server; a privilege escalation issue in Microsoft Internet Security and Acceleration (ISA) Server 2006; and a remote code execution hole in Microsoft Office Publisher.
It's important to keep in mind that another ActiveX control vulnerability has been confirmed by Microsoft but is not yet patched. This is also being exploited in the wild.
Microsoft has shipped a Fix it tool to assist users in mitigating the risks associated with this vulnerability.