July 2009 Microsoft Security Updates
- Thursday, July 16, 2009, 2:29
- Threat Research
Six security bulletins were released by Microsoft for July, which covers one of the two vulnerabilities exploited by cybercriminals in the last 2 weeks.
The Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution was used in a zero-day attack last week that involved around 967 compromised Chinese websites. A script that triggered the exploit was inserted in the said websites, which when successfully executed drops WORM_KILLAV.AI into the affected system. The security advisory MS09-032 already addresses the vulnerability used in this attack.
Here is the full list of security advisories issued for this month:
(MS09-028) Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) (MS09-029) Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) (MS09-030) Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) (MS09-031) Vulnerabilities in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) (MS09-032) Cumulative Security Update of ActiveX Kill Bits (973346) (MS09-033) Vulnerability Continue reading...