Press Release

Symantec: Microsoft Patch Tuesday for July 2009



This month, Microsoft issued six security bulletins addressing a total of nine vulnerabilities, six of which are rated as critical. Of note this month, Microsoft has included an update for the video ActiveX zero-day vulnerability, identified on July 6, that is being exploited in the wild through Internet Explorer. The update effectively disables the vulnerable controls.

In addition to today’s Patch Tuesday fixes, Microsoft issued an out-of-band security advisory yesterday addressing a vulnerability in Microsoft Office Web Components. Microsoft has posted an advisory and has developed a workaround to disable the vulnerable control.

“We’re glad to see Microsoft addressed the zero-day vulnerability in its video ActiveX control, even if it is not in the form of an actual patch,” said Ben Greenbaum, senior research manager, Symantec Security Response. “The flaw was already being exploited in Asia. There was potential for this to become a bigger problem for users if left unaddressed by Microsoft. In the meantime, the update that disables the vulnerable controls should help.”

This wasn’t the only critical vulnerability with exploit code available in the wild addressed this month. A vulnerability involving DirectX and QuickTime video files, made public in late May, was also patched. Exploiting this vulnerability requires the user to open a malicious file. An attack exploiting the ActiveX vulnerability, on the other hand, would only require users to visit a compromised Web site.

A video of Symantec Security Response’s Zulfikar Ramzan discussing the vulnerabilities addressed this month can be viewed here:
http://www.youtube.com/watch?v=KabkfQjaNvQ. Please feel free to post this video.

Symantec strongly encourages users to patch their systems against these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.

Please visit the Symantec Security Response Weblog for more information and let me know if you are interested in speaking with a Symantec expert about any of these security vulnerabilities.

The Symantec Security Response blog can be viewed here:
http://www.symantec.com/business/security_response/weblog/

Additional information on Microsoft’s security bulletins can be found here:
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx