-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-195A


Microsoft Updates for Multiple Vulnerabilities

   Original release date: July 14, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows and Windows Server
     * Microsoft DirectShow
     * Microsoft Virtual PC and Server
     * Microsoft Office Publisher
     * Microsoft Internet Security and Acceleration (ISA) Server


Overview

   Microsoft has released updates that address vulnerabilities in
   Microsoft Windows, Windows Server, DirectShow, Virtual PC and
   Server, Office Publisher, and ISA Server.


I. Description

   As part of the Microsoft Security Bulletin Summary for July 2009,
   Microsoft has released updates that address several vulnerabilities
   in Microsoft Windows, Windows Server, DirectShow, Windows Virtual
   PC and Server, Office Publisher, and ISA Server. Microsoft
   indicates that two of these vulnerabilities, CVE-2009-1537 and
   CVE-2008-0015, are being actively exploited.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code,
   gain elevated privileges, or cause a vulnerable application to
   crash.


III. Solution

   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for July 2009. The security
   bulletin describes any known issues related to the updates.
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. Administrators should consider using
   an automated update distribution system such as Windows Server
   Update Services (WSUS).


IV. References

 * Microsoft Security Bulletin Summary for July 2009 -
   <http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx>

 * Microsoft Windows Server Update Services -
   <http://technet.microsoft.com/en-us/wsus/default.aspx>

 * New vulnerability in quartz.dll Quicktime parsing -
   <http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx>

 * CVE-2009-1537 -
   <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1537>

 * VU#180513 - Microsoft Video ActiveX control stack buffer overflow -
   <http://www.kb.cert.org/vuls/id/180513>

 * TA09-187A - Microsoft Video ActiveX Control Vulnerability -
   <http://www.us-cert.gov/cas/techalerts/TA09-187A.html>

 * CVE-2008-0015 -
   <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-195A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA09-195A Feedback VU#631820" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  July 14, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSlz5hHIHljM+H4irAQJAAQf/alOhtn6chnXPtgR7M4oI32H3UWHWj0B3
9GKVVMVcg4gR7g/C14hYk4E42djFDTG2t2I/0MjfkaIfMW0olvrGnzxNOh6b8koB
0Orp/BwoMeNNg5xQzSynH4jvU565HDbmPznedJ5h7GxJOqhpO5V2UiHqpRh/A3BS
bz2Kxs2v87Hek+2+K/Y6VE80cvx3zk55c/J4gD4HsYXvTKpFh/isZ2bV6VvkZZRO
FmJF7N1t9La7xuY1bQB7eIrmKcHBTVV1j/cpWnRPse1cQ1B9R0pB+IykSCxIIw7W
9ZEyPoigjYX1MJUfVj/OkI0pUTDF+6iCEcwvTQu+QnM8BJGpIbyC5A==
=xm9M
-----END PGP SIGNATURE-----