July 2009 Microsoft Security Bulletins

Filed Under: SophosLabs, Vulnerability

The latest set of Microsoft Security Bulletins comes only a day after a vulnerability in Office Web Components was publicly disclosed and exploited by several websites hosted in China.

Microsoft rates 3 of the bulletins Critical, and those are also the most interesting for malware writers, with exploits for MS09-032 already seen in the wild for more than a week. All currently known exploits for MS09-032 are detected by Sophos products as Exp/VidCtl-A or proactively as Troj/JSShell-D.

MS09-029 is a vulnerability in the Embedded OpenType Font Engine which allows the attacker to take complete control over the victim's system by serving maliciously crafted font files embedded in web pages. This vulnerability has the potential to become popular in malware-writing circles, considering its web-based delivery mechanism.

As always, we have created our own vulnerability analyses, and we will be actively looking for any new exploits appearing in the next few weeks so that we can add detection for them.

Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution - MS09-028
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution
Cumulative Security Update of ActiveX Kill Bits


About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.