Symantec Blogs: Security Response

Robert Keith | April 14th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly heavy month—the vendor is releasing eight bulletins covering a total of 21 vulnerabilities. Two of these issues are covered in more than one bulletin: CVE-2008-2540 in MS09-015 and MS09-014, and CVE-2009-0550 in MS09-013 and MS09-014.

Ten of the issues, rated “Critical,” are remote code-execution vulnerabilities affecting WordPad, Word, DirectX, Windows HTTP services, Internet Explorer, and Excel. The remaining issues, rated “Important” and “Moderate,” affect Windows, Internet Explorer, ISA Server, WordPad, and Windows HTTP services. Nearly all of the bulletins this month address issues that were previously disclosed or are variants of those issues.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Block external access at the...

Sean Hittel | April 9th, 2009

First the CollectEmailInfo vulnerability was exploited in the wild, then the util.printf vulnerability, followed by JBIG2 and Foxit. Given the level of obfuscation often used in these exploits, distinguishing which vulnerability is being exploited in the wild has become a problem. An in-the-wild exploit against the Adobe Reader Collab.getIcon vulnerability (described in BID 34169) was discovered on April 5. Adobe has already updated Reader to patch this...