Six fixes issued, but new IE zero day emerges along with Firefox flaw.
Microsoft has issued its monthly ‘Patch Tuesday’ security update, with some serious browser flaws patched, but a new IE zero-day has been seen being exploited in the wild, and Firefox users have also been warned about a serious vulnerability.
The Patch Tuesday release contained a total of six bulletins, of which three were ranked ‘Critical’. These included cover for some of the DirectShow vulnerabilities uncovered and exploited in the wild in recent weeks, but it seems users of Windows are doomed never to rest easy, as details of another zero-day, this time in Microsoft Office Web Components, were widely publicised just the day before Patch Tuesday, with reports of active exploitation on malicious websites hosted in China.
Other serious vulnerabilities addressed by the Patch Tuesday updates include problems with the ‘Embedded OpenType Font Engine’, a selection of issues with ActiveX, and in the less significant category, vulnerabilities in VirtualPC and Virtual Server, ISA Server and Office Publisher.
The Firefox bug is in the JavaScript compiler system, and affects the latest version, 3.5. Like the IE problems, it could be exploited by malicious sites to allow remote system access. A blog entry on the issue is on the Mozilla security pages here, with a Secunia overview here.
The full Patch Tuesday release from Microsoft is here, with an advisory on the latest problem to emerge here – Secunia’s coverage of it is here, and a McAfee blog entry detailing the exploitation is here.
Posted on 15 July 2009 by Virus Bulletin