| TA09-195A: Microsoft Updates for Multiple Vulnerabilities Original release date: July 14, 2009
Last revised: August 27, 2009
Source: US-CERT
Systems Affected - Microsoft Windows and Windows Server
- Microsoft DirectShow
- Microsoft Virtual PC and Server
- Microsoft Office Publisher
- Microsoft Internet Security and Acceleration (ISA) Server
OverviewMicrosoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Virtual PC and Server, Office Publisher, and ISA Server.
I. DescriptionAs part of the Microsoft Security Bulletin Summary for July 2009, Microsoft has released updates that address several vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Windows Virtual PC and Server, Office Publisher, and ISA Server. Microsoft indicates that two of these vulnerabilities, CVE-2009-1537 and CVE-2008-0015, are being actively exploited.
II. ImpactA remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
III. SolutionMicrosoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for July 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
IV. References
Feedback can be directed to US-CERT.
Produced 2009 by US-CERT, a government organization. Terms of use
Revision History July 14, 2009: Initial release
August 27, 2009: Fixed CVE URLs
|
