Alert

Microsoft Updates for Multiple Vulnerabilities

Last Revised
Alert Code
TA09-195A

Systems Affected

  • Microsoft Windows and Windows Server
  • Microsoft DirectShow
  • Microsoft Virtual PC and Server
  • Microsoft Office Publisher
  • Microsoft Internet Security and Acceleration (ISA) Server

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Virtual PC and Server, Office Publisher, and ISA Server.

As part of the Microsoft Security Bulletin Summary for July 2009, Microsoft has released updates that address several vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Windows Virtual PC and Server, Office Publisher, and ISA Server. Microsoft indicates that two of these vulnerabilities, CVE-2009-1537 and CVE-2008-0015, are being actively exploited.

Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for July 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
 

References

Microsoft Security Bulletin Summary for July 2009
Microsoft Windows Server Update Services
New vulnerability in quartz.dll Quicktime parsing
VU#180513 - Microsoft Video ActiveX control stack buffer overflow
TA09-187A - Microsoft Video ActiveX Control Vulnerability
CVE-2009-1537
CVE-2008-0015

Revisions

July 14, 2009: Initial release|August 27, 2009: Updated

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

Related Advisories