Microsoft Patches Nine Security Flaws
Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs.
Redmond issued patches to fix the vulnerability in its Video ActiveX Control for Internet Explorer, as well as the DirectShow flaw in Windows. Criminals currently are using both security holes to plant rogue software on PCs when users visit certain hacked or malicious Web sites.
Contrary to what Microsoft itself said, the company did not release an official patch to plug the other ActiveX flaw hackers are actively exploiting -- which I first wrote about yesterday. Instead, it has released an interim workaround to blunt the threat from that weakness. Unfortunately, someone at Redmond seems to be a little confused about this point. In its advisory, Microsoft replaced the "Fix It" tool for this flaw with the erroneous statement: "Microsoft has completed the investigation into a public report of this vulnerability. We have issued security bulletin MS09-032 (http://go.microsoft.com/fwlink/?LinkId=157386) to address this issue." I have notified Microsoft and will post an update here when Microsoft has resolved this.
Also patched today were vulnerabilities in Microsoft Office, Internet Security and Acceleration (ISA) Server, Virtual PC and Virtual Server. The latter three are products mainly used by businesses.
As always, please drop us a line in the comments if you experience any issues after applying this updates.
Update, 4:37 p.m. ET: Microsoft appears to have revised its advisory, to put the "Fit It" tool back in for the vulnerability I wrote about yesterday.
July 14, 2009; 4:28 PM ET
Categories: Latest Warnings , New Patches , Safety Tips | Tags: 0day, activex, patch tuesday
Save & Share: Previous: Stopgap Fix for Critical Firefox 3.5 Security Hole
Next: Spammers, Virus Writers Abusing URL Shortening Services
Posted by: artyaffe | July 14, 2009 6:02 PM | Report abuse
Posted by: Eremita1 | July 14, 2009 6:09 PM | Report abuse
Posted by: JRandomHacker | July 14, 2009 6:26 PM | Report abuse
Posted by: BTKrebs | July 14, 2009 7:21 PM | Report abuse
Posted by: jtprussell | July 14, 2009 8:15 PM | Report abuse
Posted by: eiverson1 | July 15, 2009 2:53 PM | Report abuse
The comments to this entry are closed.