Microsoft made available a total of six security bulletins impacting Windows platforms, Office Publisher, ISA Server, and Virtual PC and Virtual Server. Three of the patch packages affect various releases of the Windows client and server operating systems, including Windows Vista Service Pack 2 and Windows XP SP3, and are all rated Critical. The other half of the July 2009 security bulletins is considered to pose a smaller risk to end users, and was rated Important. Regardless, users should patch their systems as soon as possible, Microsoft having already started serving the security patches through Windows Update.
Details Of Security Bulletins:
MS09-028 (Maximum severity of Critical): This update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow, which could allow remote code execution. This update received a 1 rating from Microsoft’s Exploitability Index.
MS09-029 (Maximum severity of Critical): This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine, which could allow remote code execution. This update received a 1 rating from Microsoft’s Exploitability Index.
MS09-030 (Maximum severity of Important): This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution. This update received a 1 rating from Microsoft’s Exploitability Index.
MS09-031 (Maximum severity of Important): This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006, which could allow elevation of privilege. This update received a 1 rating from Microsoft’s Exploitability Index.
MS09-032 (Maximum severity of Critical): This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control, which could allow remote code execution. This update received a 1 rating from Microsoft’s Exploitability Index.
MS09-033 (Maximum severity of Important): This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server, which could allow an attacker to execute arbitrary code. This update received a 2 rating from Microsoft’s Exploitability Index.