July 2009 Microsoft Security Bulletins

Latest set of Microsoft Security Bulletins comes only a day after the publicly exploited vulnerability in Office Web Components was disclosed and exploited by several websites hosted in China.

There are 3 Bulletins rated Critical by Microsoft and those are the most interesting for malware writers too, with exploits for MS09-032 already seen in the wild for more than a week. All currently known exploits for MS09-032 are detected by Sophos products as Exp/VidCtl-A or proactively as Troj/JSShell-D.

MS09-029 is an vulnerability in Embedded OpenType Font Engine which allows the attacker to take complete control over the victim’s system by serving maliciously crafted font files embedded in web pages. This vulnerability has a potential to become popular in the malware writing circles considering its web based delivery mechanism.

As always, we have created our own vulnerability analyses and we will be looking actively for any new exploits appearing in the next few weeks to add the detection for them.

Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution – MS09-028
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution
Cumulative Security Update of ActiveX Kill Bits