ITSS-Advisory : MEDIUM : Microsoft : Various Products : Various Issues

THREAT LEVEL
============
Medium.

INFORMATION
===========
Microsoft has released 6 bulletins in its scheduled release for July 2009.
A list of bulletins released by Microsoft is available at:
http://www.microsoft.com/technet/security/current.aspx

The bulletins are summarised as follows:

Affected: Virtual PC and Virtual Server
Impact: Arbitrary Code Execution on guest operating system
Rating: Important
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-033.mspx

Affected: Microsoft Video ActiveX on Various Microsoft Operating Systems
Impact: Arbitrary Code Execution
Rating: Critical
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx

Affected: Microsoft ISA Server 2006
Impact: Privilege escalation
Rating: Important
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-031.mspx

Affected: 2007 Microsoft Office System SP 1
Impact: Remote Code Execution
Rating: Important
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-030.mspx

Affected: Embedded OpenType Font Engine on various Microsoft Operating Systems
Impact: Remote Code Execution
Rating: Critical
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-029.mspx

Affected: DirectShow on various Microsoft Operating Systems
Impact: Remote Code Execution
Rating: Critical
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-028.mspx

ACTION
======
Administrators of affected computers are advised to review the bulletins,
test and apply relevant updates.

Computers in the testbed will have the patches applied immediately, and their
performance will be monitored. The effects of the patch on these computers will
be sent to its-announce@unimelb.edu.au by early afternoon on Fri 17 July 2009.