This application requires Javascript for optimal performance.

Microsoft Security Bulletin for July 2009

The table below lists the Microsoft vulnerabilities for July.
MS Bulletin Number Microsoft Bulletin TitleSeverityImpact of VulnerabilityAffected SoftwareCVE ID
MS09-028Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)CriticalRemote Code ExecutionMicrosoft Windows 2009-1537 2009-1538 2009-1539
MS09-029Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)CriticalRemote Code ExecutionMicrosoft Windows 2009-0231 2009-0232
MS09-032Cumulative Security Update of ActiveX Kill Bits (973346)CriticalRemote Code ExecutionMicrosoft Windows 2008-0015
MS09-030Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)ImportantRemote Code ExecutionMicrosoft Office 2009-0566
MS09-031Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)ImportantElevation of PrivilegeMicrosoft ISA Server 2009-1135
MS09-033Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)ImportantElevation of PrivilegeVirtual PC, Virtual Server 2009-1542


Threat Remediation


Fortinet provides coverage on Microsoft vulnerabilities in July 2009.

CVE NumberSignature Name
CVE-2009-1537MS.DirectShow.Null.Byte.Overwrite
CVE-2009-1538MS.DirectShow.DirectX.Pointer.Memory.Corruption
CVE-2009-1539MS.DirectShow.Atom.Size.Code.Execution
CVE-2009-0231MS.Embedded.OpenType.Font.Engine.Code.Execution
CVE-2009-0232MS.Embedded.OpenType.Font.Engine.Heap.Overrun
CVE-2009-0566MS.Office.Publisher.QHDR2.Struct.Code.Execution
CVE-2008-0015MS.DirectX.MsVidCtl.ActiveX.Control.Access

For more information on new and enhanced signatures, visit the IPS Service Update History. If you require more information, contact the FortiGuard Team using our Contact Us web page.


Document History


Revision DateVersion Number
Tuesday, July 14, 20091Initial Documentation.


Reference: