July 2009 Bulletin Release

Summary of Microsoft’s monthly security bulletin release for July 2009.

This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days. In fact, as we discussed in the advance notification blog post last week, two of those are under active attack and were discussed in security advisories which are being replaced with the release of these bulletins.

The remaining three bulletins are all rated Important and affect Microsoft Office Publisher, Microsoft ISA Server, and both Virtual PC and Virtual Server. The first two also have Exploitability Index ratings of “1” so please consider this while doing your risk assessment.

In total, we are addressing nine vulnerabilities this month. All of these vulnerabilities have an Exploitability Index rating of “1” except for the single vuln being addressed in the Virtual PC bulletin, MS09-033 which is rated a “2”.

In the video below, Adrian Stone and I provide a little more discussion on risk and impact concerning this month’s bulletins and Security Advisory 973472 which we released yesterday, July 13, 2009, for Office Web Components:

Get Microsoft Silverlight More viewing and listening options:

We invite you to attend our regular monthly webcast tomorrow where we will go in to detail on each bulletin and address your questions with the help of a room full of subject matter experts. Please also check the Security Research and Defense blog for additional technical information on these updates. 

Webcast info: Wednesday, July 15, 2009, at 11:00 a.m. PDT (UTC –7). Click HERE to register.


Jerry Bryant

*This posting is provided "AS IS" with no warranties, and confers no rights*