Advance Notification for the July 2009 Security Bulletin Release

Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:

• Three Critical updates affecting Windows.
• One Important update affecting Publisher.
• One Important update affecting Internet Security and Acceleration (ISA) Server.
• One Important update affecting Virtual PC and Virtual Server.

I want to provide some clarity on two of the pending Windows updates mentioned. First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the mean time, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890).

As you know, this information may change between now and next Tuesday. We will do our best to keep you updated if it does.

Some notes on restart requirements: One of the three updates for Windows will require a restart, the others may if the DLL being updated is in use. This goes for the Publisher update as well. To reduce your chances of requiring a restart, please see Knowledge Base article 887012. Both the ISA Server and Virtual PC/Virtual Server updates require restarts. Note however that the Virtual PC/Virtual Server update will not prompt you so you should factor a manual restart in to your deployment plans as soon as possible.

On release day, look for additional information on both this blog and the Security Research and Defense blog.  If you have questions or would like more information about this month’s release, please plan to attend our regularly scheduled security bulletin webcast on Wednesday, July 15, 2009, at 11:00 a.m. PDT (UTC –7). Click HERE to register.

Thanks!

Jerry Bryant

*This posting is provided “AS IS” with no warranties, and confers no rights*

• MS09-006 – Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
• MS09-007 – Vulnerability in SChannel Could Allow Spoofing (960225)
• MS09-008 – Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)

Microsoft also revised bulletin MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), to note a revision to some of the packages associated with this bulletin (specifically 938464). Please see the bulletin revision notes for more information. You can find more information about all of the bulletins at the Microsoft’s Security Update Archive, as well as an Exploitability Index rating for each.