Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Microsoft Fixes Nine Vulnerabilities In July Patch
Two zero-day vulnerabilities are addressed in Microsoft's July patch cycle, but a third flaw that was revealed on Monday remains.
2 Min Read
Microsoft on Tuesday released six security bulletins addressing nine different vulnerabilities in its software as part of its monthly patch cycle.
The July crop of patches includes three bulletins designated "critical" and three bulletins designated "important."
Affected software includes Windows, Microsoft Office, Internet Security and Acceleration (ISA) Server, Virtual PC and Virtual Server.
Two of the "critical" bulletins address vulnerabilities in the Microsoft's Video ActiveX Control and DirectShow component. Microsoft warned customers about these "browse-and-get-owned" vulnerabilities in July and May, respectively.
"Today's release is important because patches were released for two recent zero-day attacks -- a QuickTime file parsing vulnerability and the recently announced DirectShow vulnerability," said Eric Schultze, CTO of Shavlik. "Both vulnerabilities are reported as being actively exploited on the Internet."
The third "critical" bulletin provides a fix for a vulnerability in the Embedded OpenType Font Engine, which is used in all versions of Windows, including Vista and Windows Server 2008.
On Monday, Microsoft issued a Security Advisory about a vulnerability in Office Web Components Spreadsheet ActiveX software. No fix for this vulnerability was included in Microsoft's July patch, though the company has provided Fit-It link that disables the vulnerable component as a workaround.
The "important" bulletins include a vulnerability in Microsoft proxy server ISA 2006. "As administrator usernames are often easy to guess this vulnerability deserves special attention, if IT organizations are using ISA with the Radius configuration," said Qualys CTO Wolfgang Kandek in an e-mailed statement.
The second "important" bulletin covers a vulnerability in the Publisher component of Office 2007. And the third fixes a privilege elevation flaw in Virtual PC and Virtual Server.
Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.
Read more about:
2009About the Author(s)
You May Also Like
More Insights
Webinars
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
