Yesterday evening the Microsoft Security Bulletins for July 2009 were published. The release of the bulletins supersedes the Bulletin Advance Notification, which was first published on 9 July 2009.

You will find more information in the mail below (in English) and also online at: Microsoft Security Bulletin Summary for July 2009 (in German).
The table below lists this month's security bulletins together with their maximum severity rating.

On Wednesday, 15 July 2009 at 8:00 p.m. Central European Summer Time (11:00 a.m. Pacific Time) Microsoft is holding an English-language webcast to answer questions about these bulletins. Register now for the July Security Bulletin webcast: TechNet Webcast: Information About Microsoft July Security Bulletins (Level 200). Afterwards the webcast is available on demand. More information can be found under Microsoft Security Bulletin Summaries and Webcasts.

______________________________________

What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin(s) being released on July 14, 2009. Security bulletins are released monthly to resolve critical vulnerabilities.

New Security Bulletins
Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software
MS09-028 | Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003
MS09-029 | Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
MS09-030 | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516) | Important | Remote Code Execution | May require restart | Microsoft Office Publisher 2007
MS09-031 | Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) | Important | Elevation of Privilege | Requires restart | Microsoft Internet Security and Acceleration Server 2006
MS09-032 | Cumulative Security Update of ActiveX Kill Bits (973346) | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003
MS09-033 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) | Important | Elevation of Privilege | Requires restart | Virtual PC 2004, Virtual PC 2007, Virtual Server 2005

Summaries for new bulletin(s) may be found at Microsoft Security Bulletin Summary for July 2009.
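The following PowerShell script is an added example and is not part of the Microsoft mail. It checks which of this month's Windows bulletins are still missing on the local machine by comparing the KB numbers from the table above against Win32_QuickFixEngineering, filtered by the operating system version the bulletin actually applies to (the version-to-bulletin mapping is taken from the Affected Software column; the OS version prefixes 5.0/5.1/5.2/6.0 for Windows 2000/XP/Server 2003/Vista and Server 2008 are an assumption of the example). The two parameters exist so the logic can be run against a recorded inventory as well as the live system.

```powershell
# Added example, not Microsoft's code: report July 2009 Windows bulletins that
# are applicable to this OS version but not present in the hotfix inventory.
# Caveat: Win32_QuickFixEngineering only lists operating-system updates, so the
# Publisher (MS09-030), ISA Server (MS09-031) and Virtual PC / Virtual Server
# (MS09-033) updates never appear here even when installed. Verify those through
# the product's own inventory (e.g. Add or Remove Programs with "Show updates").

$July2009WindowsBulletins = @(
    # DirectShow: Windows 2000 / XP / Server 2003 only (Vista and 2008 not affected)
    @{ Id = 'MS09-028'; KB = 'KB971633'; AppliesTo = @('5.0', '5.1', '5.2') }
    # Embedded OpenType font engine: Windows 2000 through Windows Server 2008
    @{ Id = 'MS09-029'; KB = 'KB961371'; AppliesTo = @('5.0', '5.1', '5.2', '6.0') }
    # ActiveX kill bits: XP / Server 2003 are affected; Microsoft recommends the
    # update on other versions as defense in depth, so widen this list if wanted
    @{ Id = 'MS09-032'; KB = 'KB973346'; AppliesTo = @('5.1', '5.2') }
)

function Get-MissingJuly2009Bulletins {
    param(
        # e.g. "5.1.2600" for XP or "6.0.6002" for Vista SP2 / Server 2008 SP2
        [string]$OsVersion = (Get-WmiObject Win32_OperatingSystem).Version,
        # HotFixID values such as "KB971633"; defaults to the live inventory
        [string[]]$InstalledHotfixes = (Get-WmiObject Win32_QuickFixEngineering | ForEach-Object { $_.HotFixID })
    )
    $parts = $OsVersion.Split('.')
    $majorMinor = $parts[0] + '.' + $parts[1]
    $missing = @()
    foreach ($b in $July2009WindowsBulletins) {
        # Skip bulletins that do not apply to this OS version at all
        if ($b.AppliesTo -notcontains $majorMinor) { continue }
        if ($InstalledHotfixes -notcontains $b.KB) {
            $missing += ('{0} ({1})' -f $b.Id, $b.KB)
        }
    }
    # Leading comma keeps an empty or single-element result as an array
    return ,$missing
}

$missing = Get-MissingJuly2009Bulletins
if ($missing.Count -eq 0) {
    'All applicable July 2009 Windows bulletins are installed.'
} else {
    'Missing July 2009 Windows bulletins: ' + ($missing -join ', ')
}
```

Run it in an elevated PowerShell session on the machine being checked. Because Win32_QuickFixEngineering also works from PowerShell 1.0, the script does not depend on Get-HotFix, which was introduced with PowerShell 2.0.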

Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Note: this tool will NOT be distributed using Software Update Services (SUS). Information on the tool is available in the Knowledge Base article "The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000".

High-Priority Non-Security Updates
The high-priority non-security updates that Microsoft releases on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) are detailed in the KB article "Description of Software Update Services and Windows Server Update Services changes in content for 2009".

Public Bulletin Webcast

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft July Security Bulletins (Level 200)
Date: Wednesday, July 15, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)
URL: TechNet Webcast: Information About Microsoft July Security Bulletins (Level 200)

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site.

Bulletin Identifier Microsoft Security Bulletin MS09-028
Bulletin Title Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Executive Summary This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file.

The security update addresses the vulnerabilities by correcting the way that DirectShow parses QuickTime media files and validates pointer values and size fields within QuickTime media files.
Severity Ratings This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors * Maliciously Crafted QuickTime Media File
* Maliciously Crafted Web Page
* Maliciously Crafted E-mail Attachment
Mitigating Factors * An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Users would have to be persuaded to visit a malicious Web site.
* Windows Vista and Windows Server 2008 are not affected.
Restart Requirement This update may require a restart.
Removal Information Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
Bulletins Replaced by This Update For Windows 2000: MS08-033
For Windows 2000, Windows XP, Windows Server 2003: MS09-011
Full Details Microsoft Security Bulletin MS09-028 - Critical: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)


Bulletin Identifier Microsoft Security Bulletin MS09-029
Bulletin Title Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Executive Summary This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely.

The update addresses the vulnerabilities by correcting the way that the Microsoft Windows EOT component parses files and content containing embedded fonts.
Severity Ratings This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Affected Software Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Attack Vectors * Maliciously Crafted Web Page
* Maliciously Crafted E-mail
* Maliciously Crafted PowerPoint File
* Maliciously Crafted Word Document
Mitigating Factors * Users would have to be persuaded to visit a malicious Web site or to open an e-mail attachment.
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement This update requires a restart.
Removal Information * For Windows 2000, Windows XP, and Windows Server 2003, use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
* For Windows Vista, and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update For Windows 2000 and Windows XP SP2: MS06-002
Full Details Microsoft Security Bulletin MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)


Bulletin Identifier Microsoft Security Bulletin MS09-030
Bulletin Title Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This update addresses the vulnerability by modifying the way that Microsoft Office Publisher opens Publisher files.
Severity Ratings This security update is rated Important for Microsoft Office Publisher 2007 SP1.
Affected Software Microsoft Office Publisher 2007 SP1
Attack Vectors * Maliciously Crafted Web Page
* Maliciously Crafted E-mail Attachment
* Maliciously Crafted Publisher File
Mitigating Factors * Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
* Users would have to be persuaded to visit a malicious Web site or to open an e-mail attachment.
* Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
Restart Requirement This update may require a restart.
Removal Information Use Add or Remove Programs tool in Control Panel.
Bulletins Replaced by This Update MS08-027
Full Details Microsoft Security Bulletin MS09-030 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)


Bulletin Identifier Microsoft Security Bulletin MS09-031
Bulletin Title Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for RADIUS One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.

The security update addresses the vulnerability by rejecting requests that cannot be authenticated using RADIUS OTP.
Severity Ratings This security update is rated Important for Microsoft Internet Security and Acceleration (ISA) Server 2006.
Affected Software Microsoft Internet Security and Acceleration Server 2006
Attack Vectors A logon attempt with a legitimate username.
Mitigating Factors If the ISA server is not set up for RADIUS One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation, then it is not vulnerable.
Restart Requirement This update requires a restart.
Removal Information Use Add or Remove Programs tool in Control Panel.
Bulletins Replaced by This Update None
Full Details Microsoft Security Bulletin MS09-031 - Important: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)


Bulletin Identifier Microsoft Security Bulletin MS09-032
Bulletin Title Cumulative Security Update of ActiveX Kill Bits (973346)
Executive Summary This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. The security update addresses the vulnerability by setting a kill bit so that the vulnerable control does not run in Internet Explorer.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 972890.
Severity Ratings This security update is rated Critical for all supported editions of Windows XP and Moderate for all supported editions of Windows Server 2003.
Affected Software Microsoft Windows XP, Windows Server 2003.

Note: the vulnerability discussed in this bulletin does not affect Windows 2000, Windows Vista or Windows Server 2008. However, as a defense-in-depth measure to protect against any possible new vectors identified in the future, Microsoft recommends that customers with this software apply this security update.
Attack Vectors A Maliciously Crafted Web Page
Mitigating Factors * Windows Vista and Windows Server 2008 are not affected.
* Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Users would have to be persuaded to visit a malicious Web site.
* By default, Internet Explorer on Windows Server 2003 and 2008 runs in a restricted mode known as Enhanced Security Configuration, which sets the Internet zone to High and so blocks ActiveX controls and active scripting on untrusted sites.
* By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted sites zone.
Restart Requirement This update may require a restart.
Removal Information For Windows 2000, Windows XP, and Windows Server 2003, use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

For Windows Vista, and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update MS08-032
Full Details Microsoft Security Bulletin MS09-032 - Critical: Cumulative Security Update of ActiveX Kill Bits (973346)
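The kill bit that MS09-032 sets is a registry flag, not a code change: Internet Explorer refuses to load any COM object whose "Compatibility Flags" value under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} has bit 0x400 set (on 64-bit Windows the 32-bit browser reads the same key under Wow6432Node). The script below is an added example and is not Microsoft's Fix-it or the update itself; it queries and sets that flag for a given CLSID. The CLSID used at the bottom is a hypothetical placeholder; take the real class identifiers of the Microsoft Video ActiveX Control from the MS09-032 bulletin and Advisory 972890.

```powershell
# Added example, not Microsoft's code: inspect and set the ActiveX kill bit.
# Bit 0x400 of "Compatibility Flags" is the documented kill-bit flag; this
# example preserves any other flags that are already set on the control.

$KillBitFlag = 0x400

function Get-ActiveXCompatPath {
    param([string]$Clsid, [switch]$Wow64)
    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
    # so a complete kill requires both keys on x64 systems.
    $base = if ($Wow64) {
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    } else {
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    return (Join-Path $base $Clsid)
}

function Get-CompatibilityFlags {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return 0 }
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'Compatibility Flags'
}

function Test-KillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid, [switch]$Wow64)
    $flags = Get-CompatibilityFlags -Path (Get-ActiveXCompatPath -Clsid $Clsid -Wow64:$Wow64)
    return (($flags -band $KillBitFlag) -ne 0)
}

function Set-KillBit {
    # Requires administrative rights because it writes under HKLM.
    param([Parameter(Mandatory = $true)][string]$Clsid, [switch]$Wow64)
    $path = Get-ActiveXCompatPath -Clsid $Clsid -Wow64:$Wow64
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    $flags = Get-CompatibilityFlags -Path $path
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value ($flags -bor $KillBitFlag) -Type DWord
}

# Hypothetical placeholder CLSID; substitute the identifiers from the bulletin.
$clsid = '{00000000-0000-0000-0000-000000000000}'
if (Test-KillBit -Clsid $clsid) {
    "Kill bit is set for $clsid"
} else {
    "Kill bit is NOT set for $clsid; run Set-KillBit -Clsid $clsid from an elevated prompt"
}
```

Checking the flag after the update is deployed is a cheap way to confirm MS09-032 actually took effect on a machine, since the bulletin's whole protection is this one registry value. Note that setting the kill bit does not remove the vulnerable binary; it only stops Internet Explorer from instantiating the control, which is why the bulletin still lists the Web page as the attack vector.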


Bulletin Identifier Microsoft Security Bulletin MS09-033
Bulletin Title Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by enforcing validation of privilege levels when executing machine instructions.
Severity Ratings This security update is rated Important for all supported editions of Virtual PC 2004, Virtual PC 2007, and Virtual Server 2005.
Affected Software Virtual PC 2004, Virtual PC 2007, Virtual Server 2005
Attack Vectors * Maliciously Crafted Application
* Maliciously Crafted Script
Mitigating Factors * An attacker must be able to authenticate and log in to the virtual machine guest OS.
* Windows Server 2008 Hyper-V is not affected by this vulnerability.
* Windows Virtual PC and Windows XP Mode on Windows 7 are not affected by this vulnerability.
* Deployments using Hardware Assisted Virtualization (HAV) are not affected.
Restart Requirement This update requires a restart.
Removal Information This update cannot be uninstalled.
Bulletins Replaced by This Update None
Full Details Microsoft Security Bulletin MS09-033 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's Web-based security content, the information in Microsoft's Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team