Scheduled bulletin release day, Tuesday, July 14, 2009.
Advance Notification
The Microsoft Security Response Center (MSRC)
Preliminary information, subject to change.
- Three Critical updates affecting Windows.
- One Important update affecting Publisher.
- One Important update affecting Internet Security and Acceleration (ISA) Server.
- One Important update affecting Virtual PC and Virtual Server.
Jerry Bryant further expanded,
I want to provide some clarity on two of the pending Windows updates mentioned. First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.
Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the mean time, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890)..
Some notes on restart requirements: One of the three updates for Windows will require a restart, the others may if the DLL being updated is in use. This goes for the Publisher update as well. To reduce your chances of requiring a restart, please see Knowledge Base article 887012. Both the ISA Server and Virtual PC/Virtual Server updates require restarts. Note however that the Virtual PC/Virtual Server update will not prompt you so you should factor a manual restart in to your deployment plans as soon as possible.
The July edition of the monthly security bulletin webcast will be held on Wednesday, July 15, 2009, at 11:00 a.m. PDT (UTC –7).
Register for the webcast here
