Microsoft Security Bulletin Summary for July 2009

Microsoft has released a security bulletin for July 2009 to address six vulnerabilities in Microsoft Windows products, three of them are critical. We strongly suggest applying the patches provided by Microsoft for these vulnerabilities.

Critical

Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution
This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely.

The patch and additional information are available here.

Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file.

The patch and additional information are available here.

Cumulative Security Update of ActiveX Kill Bits
This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control.

The patch and additional information are available here.

Important

Vulnerability in Virtual PC and Virtual Server (continue reading...)