SECURITY: Microsoft's July 2009 update now available

[Trippy]

Mucho Critical fixes this month including a patch for the DirectShow ActiveX component flaw that was described here. Unfortunately there's *another* ActiveX (Microsoft Office Web Components Control) exploit that's being actively, uh, exploited, that wasn't patched in this month's collection.

MS Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx

Microsoft Update:
http://update.microsoft.com/microsoftupdate/

SANS Overview:
http://isc.sans.org/diary.html?storyid=6790

Unpatched ActiveX vulnerability:
Microsoft Security Advisory (973472) Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution

[Trippy]

Microsoft released fixes for exploits they didn't patch two weeks ago. The IE exploit affects IE 5 - IE 8 so don't think just cause you no longer use IE 6 you are okay:

MS Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

SANS Overview:
http://isc.sans.org/diary.html?storyid=6874


Note that the ActiveX exploit described here and mentioned at top:

http://www.microsoft.com/technet/security/advisory/973472.mspx

still hasn't been patched AFAIK. There's a workaround where you basically disable the components in IE (details in above link).