Microsoft released three patches for Windows XP this month, July 2009. All three are rated critical and must be installed immediately.

KB973346 – Cumulative Security Update for ActiveX Killbits
KB961371 – Embedded OpenType Font Engine Could Allow Remote Code Execution
KB971633 – Microsoft DirectShow Could Allow Remote Code Execution

  1. Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
    This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  2. Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
    This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  3. Cumulative Security Update of ActiveX Kill Bits (973346)
    This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Summary of the patches for Windows XP released in July 2009:
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
