f13.net

f13.net General Forums => General Discussion => Topic started by: Trippy on July 14, 2009, 06:48:47 PM



Title: SECURITY: Microsoft's July 2009 update now available
Post by: Trippy on July 14, 2009, 06:48:47 PM
Mucho Critical fixes this month including a patch for the DirectShow ActiveX component flaw that was described here (http://forums.f13.net/index.php?topic=17358.0). Unfortunately there's *another* ActiveX (Microsoft Office Web Components Control) exploit that's being actively, uh, exploited, that wasn't patched in this month's collection.

MS Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx

Microsoft Update:
http://update.microsoft.com/microsoftupdate/

SANS Overview:
http://isc.sans.org/diary.html?storyid=6790

Unpatched ActiveX vulnerability:
Microsoft Security Advisory (973472) Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution (http://www.microsoft.com/technet/security/advisory/973472.mspx)


Title: Re: SECURITY: Microsoft's July 2009 update now available
Post by: Trippy on July 28, 2009, 10:39:32 PM
Microsoft released fixes for exploits they didn't patch two weeks ago. The IE exploit affects IE 5 - IE 8, so don't think that just 'cause you no longer use IE 6 you are okay:

MS Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

SANS Overview:
http://isc.sans.org/diary.html?storyid=6874


Note that the ActiveX exploit described here and mentioned at top:

http://www.microsoft.com/technet/security/advisory/973472.mspx

still hasn't been patched AFAIK. There's a workaround where you basically disable the components in IE (details in above link).