By Thomas Claburn
July 14, 2009
Microsoft (NSDQ: MSFT) on Tuesday released six security bulletins
addressing nine different vulnerabilities in its software as part of its
monthly patch cycle.
The July crop of patches includes three bulletins designated "critical"
and three bulletins designated "important."
Affected software includes Windows, Microsoft Office, Internet Security
and Acceleration (ISA) Server, Virtual PC and Virtual Server.
Two of the "critical" bulletins address vulnerabilities in the
Microsoft's Video ActiveX Control and DirectShow component. Microsoft
warned customers about these "browse-and-get-owned" vulnerabilities in
July and May, respectively.
"Today's release is important because patches were released for two
recent zero-day attacks -- a QuickTime file parsing vulnerability and
the recently announced DirectShow vulnerability," said Eric Schultze,
CTO of Shavlik. "Both vulnerabilities are reported as being actively
exploited on the Internet."
Attend Black Hat USA, July 25-30 in Las Vegas,
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com