Microsoft Security Bulletin: July 2009 Security Bulletin

Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 23 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft DirectShow Remote Code Execution Vulnerability (MS09-028)

Severity

Critical 4

Qualys ID

90503

Vendor Reference

MS09-028

CVE Reference

CVE-2009-1537, CVE-2009-1538, CVE-2009-1539

CVSS Scores

Base 9.3 / Temporal 8.1

Description

Microsoft DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. The DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.
DirectX is prone to the following vulnerabilities:
- A remote code execution vulnerability exists in the way that Microsoft DirectShow parses QuickTime media file. (CVE-2009-1537)
- A remote code execution vulnerability exists in the way that Microsoft DirectShow validates certain values when updating a pointer. This vulnerability could allow code execution if a user opened a specially crafted QuickTime file. (CVE-2009-1538)
- A remote code execution vulnerability exists in the way that Microsoft DirectShow validates specific fields in QuickTime media files. This vulnerability could allow code execution if a user opened a specially crafted QuickTime file. (CVE-2009-1539)
Affected Software:
DirectX 7.0:
Microsoft Windows 2000 Service Pack 4
DirectX 8.1:
Microsoft Windows 2000 Service Pack 4
DirectX 9.0:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems

Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
The July 2009 Security Updates For Runtimes Are Now Available on the ECE (KB971633)
Aug 09 Security Updates for Standard 09 and XPe are Now Available (KB971633)

Consequence

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code with the privileges of the user running the application that uses DirectX.

Solution

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4 (DirectX 7.0)
Microsoft Windows 2000 Service Pack 4 (DirectX 8.1)
Microsoft Windows 2000 Service Pack 4 (DirectX 9.0)
Windows XP Service Pack 2 and Windows XP Service Pack 3 (DirectX 9.0)
Windows XP Professional x64 Edition Service Pack 2 (DirectX 9.0)
Windows Server 2003 Service Pack 2 (DirectX 9.0)
Windows Server 2003 x64 Edition Service Pack 2 (DirectX 9.0)
Windows Server 2003 with SP2 for Itanium-based Systems (DirectX 9.0)
Refer to Microsoft Security Bulletin MS09-028 for further details.
Workaround:
1) Disable the parsing of QuickTime content in quartz.dll. This can be done using the Interactive Method or via a Managed Deployment Script.
Impact of workaround #1: QuickTime content playback will be disabled.
2) Modify the Access Control List (ACL) on quartz.dll using the following steps.
On Windows XP and Windows Server 2003 (all editions), run the following command from a command prompt (requires administrative privileges):
For 32-bit Windows systems:
Echo y| cacls %WINDIR%\SYSTEM32\quartz.DLL /E /P everyone:N

For 64-bit Windows systems:
Echo y| cacls %WINDIR%\SYSTEM32\quartz.DLL /E /P everyone:N
Echo y| cacls %WINDIR%\SYSWOW64\quartz.DLL /E /P everyone:N
Impact of workaround #2: Windows Media Player will not be able to play .AVI or .WAV files.
3) Unregister quartz.dll by running the following command from an elevated command prompt:
For 32-bit Windows systems:
Regsvr32.exe -u %WINDIR%\system32\quartz.dll

For 64-bit Windows systems:
Regsvr32.exe -u %WINDIR%\system32\quartz.dll
Regsvr32.exe -u %WINDIR%\syswow64\quartz.dll
Impact of workaround #3: Windows Media Player will not be able to play .AVI or .WAV files.
4) For non-multimedia folder types, the Windows shell attack vector can be mitigated by using Windows Classic Folders. Folder options can be changed as follows:
- Click Start, click Control Panel, click Appearance and Themes, and then click Folder Options. Or, open any folder, such as My Documents, and on the Tools menu, click Folder Options.
- On the General tab, under Tasks, select Use Windows classic folders.
For detailed steps on enabling and disabling the workarounds, please refer to Microsoft Security Bulletin MS09-028.
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (MS09-029)

Severity

Urgent 5

Qualys ID

90511

Vendor Reference

MS09-029

CVE Reference

CVE-2009-0231, CVE-2009-0232

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Embeded OpenType Font Engine is a Microsoft Windows Component. It is prone to the following vulnerabilities:
A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses data records in specially crafted embedded fonts. (CVE-2009-0231)
A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses name tables in specially crafted embedded fonts. (CVE-2009-0232)
Microsoft has released an update that addresses the vulnerability by correcting the way that the Microsoft Windows EOT component parses files and content containing embedded fonts.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
The July 2009 Security Updates For Runtimes Are Now Available on the ECE (KB961371)
Aug 09 Security Updates for Standard 09 and XPe are Now Available (KB961371)

Consequence

Successful exploitation allows execution of arbitrary code.

Solution

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Refer to Microsoft Security Bulletin MS09-029 for further details.
Workaround:
1) Disable support for parsing embedded fonts in Internet Explorer. This can be done using the Interactive Method, Group Policy or Using a Managed Deployment Script.
Impact of workaround. Web sites making use of embedded font technology will fail to display properly.
2) Deny Access to T2EMBED.DLL
Impact of workaround. Applications that rely on embedded font technology will fail to display properly.
For detailed steps on enabling and disabling the workarounds, please refer to Microsoft Security Bulletin MS09-029.
Microsoft Office Publisher 2007 Remote Code Execution Vulnerability (MS09-030)

Severity

Critical 4

Qualys ID

110095

Vendor Reference

MS09-030

CVE Reference

CVE-2009-0566

CVSS Scores

Base 9.3 / Temporal 6.9

Description

Microsoft Office Publisher is a desktop publishing application. The "PUBCONV.DLL" module in Publisher is responsible for converting legacy format Publisher files (.pub) created by older versions of Publisher into the Publisher 2007 format.
A vulnerability exists in PUBCONV.DLL module in Microsoft Publisher 2007. A programming error in the module causes it to dereference an arbitrary attacker-controlled value as the address of a table of function pointers. An attacker can exploit this issue by persuading an unsuspecting user into opening a malicious file. This vulnerability allows attackers to execute arbitrary code on the user's system.
Microsoft Office Publisher 2007 is vulnerable.
Previously this was an iDefense private detection.
Lionel d'Hauenens of Labo Skopia, working with Versign iDefense Labs, reported the Pointer Dereference Vulnerability.

Consequence

A malicious user can execute arbitrary code on the affected system within the security context of the local user running Publisher.

Solution

Patch:
Following are links for downloading patches to fix the vulnerabilities:
2007 Microsoft Office System Service Pack 1 (Microsoft Office Publisher 2007 Service Pack 1)
Refer to Microsoft Security Bulletin MS09-030 for further details.
Workaround:
- Disable the Publisher Converter DLL
For Windows XP, run the following command from a command prompt:
cacls "c:\program files\microsoft office\office12\pubconv.dll" /E /P everyone:N
For 64-bit editions of Windows XP, run the following command, using the appropriate Windows path for your system:
cacls <64BIT_PATH_AND_FILENAME> /E /P everyone:N
For Windows Vista and Windows Server 2008, run the following commands:
takeown /f "c:\program files\microsoft office\office12\pubconv.dll"
icacls "c:\program files\microsoft office\office12\pubconv.dll" /save %TEMP%\ PUBCONV ACL.TXT
icacls "c:\program files\microsoft office\office12\pubconv.dll" /deny everyone(F)
For 64-bit editions of Windows Vista and Windows Server 2008, run the following commands, using the appropriate Windows path for your system:
takeown /f <64BIT_PATH_AND_FILENAME>
icacls <64BIT_PATH_AND_FILENAME> /save %TEMP%\ FILENAME _ACL.TXT
icacls <64BIT_PATH_AND_FILENAME> /deny everyone (F)
Impact of the workaround: Users who have disabled the Publisher Converter DLL will not be able to open Microsoft Office Publisher files created in versions earlier than Publisher 2007.
Microsoft ISA Server 2006 Elevation of Privilege Vulnerability (MS09-031)

Severity

Urgent 5

Qualys ID

90512

Vendor Reference

MS09-031

CVE Reference

CVE-2009-1135

CVSS Scores

Base 9 / Temporal 6.7

Description

Microsoft Internet Security and Acceleration Server (ISA Server) is a firewalling and security product based on Microsoft Windows primarily designed to securely publish Web servers and other server systems.
An elevation of privilege vulnerability exists in ISA Server 2006 authentication when configured with Radius OTP. The vulnerability could allow an unauthenticated user access to any Web published resource. (CVE-2009-1135)
Affected Software:
Microsoft Internet Security and Acceleration Server 2006
Microsoft Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1

Consequence

An attacker who successfully exploits this vulnerability may be able to impersonate user accounts. If an attacker is able to successfully impersonate a user account, they may have access to resources the impersonated user has. If an attacker is impersonating an administrative account, the attacker might be able to install programs; view, change, or delete data; or create new accounts with full user rights on systems behind the ISA Server 2006 security boundary.

Solution

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Internet Security and Acceleration Server 2006
Microsoft Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
Refer to Microsoft Security Bulletin MS09-031 for further details.
Workaround:
- Disable fallback to Basic authentication for ISA Forms-Based authentication together with Radius OTP.
1. For customers running the original release version of Microsoft Internet Security and Acceleration Server 2006, install the hotfix available from Microsoft Knowledge Base Article 938966. Customers running Microsoft Internet Security and Acceleration Server 2006 Supportability Update and Microsoft Internet Security and Acceleration Server 2006 Service Pack 1 do not need to apply the hotfix.
2. Run the Microsoft Visual Basic script available from the Post-hotfix installation information section of Microsoft Knowledge Base Article 938966 according to the instructions in the article.
Impact of workaround: ISA server will not allow basic authentication from clients served by that Web Listener.
Microsoft Video ActiveX Control Remote Code Execution Vulnerability (MS09-032 and KB972890)

Severity

Urgent 5

Qualys ID

90510

Vendor Reference

KB972890, MS09-032

CVE Reference

CVE-2008-0015, CVE-2008-0020

CVSS Scores

Base 9.3 / Temporal 8.8

Description

The Microsoft Video Control object is a Microsoft ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video.
A buffer overflow vulnerability exists in DirectShow that is caused due to a boundary error in the ActiveX control for streaming video (msvidctl.dll) and can be exploited to cause a stack-based buffer overflow via specially crafted image content. (CVE-2008-0015)
Affected Software:
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
The July 2009 Security Updates For Runtimes Are Now Available on the ECE (KB973346)
Aug 09 Security Updates for Standard 09 and XPe are Now Available (KB973346)

Consequence

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code with the privileges of the user running the application that uses DirectX.

Solution

Workaround:
1) Prevent Microsoft Video ActiveX Control from running in Internet Explorer
Microsoft is providing a capability to implement this workaround automatically. Refer to Microsoft Knowledge Base Article 972890 for information on use of the tool to disable the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003.
Disabling of Microsoft Video ActiveX Control can also be done manually by modifying the registry. Setting the kill-bit associated with Class Identifiers (CLSID) related to Microsoft Video ActiveX Control will prevent the ActiveX control from being loaded within Internet Explorer. Refer to Microsoft article KB240797 for information on setting the kill bits.
Detailed information on applying the workaround manually is available at Microsoft Security Advisory (972890) under "Workarounds" in the "Suggested Actions" section.
Impact of the workaround: There is no impact as long as the object is not intended to be used in Internet Explorer.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Refer to Microsoft Security Bulletin MS09-032 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS09-032 Microsoft Windows 2000 Service Pack 4
MS09-032 Windows Server 2003 Service Pack 2
MS09-032 Windows Server 2003 with SP2 for Itanium-based Systems
MS09-032 Windows Server 2003 x64 Edition Service Pack 2
MS09-032 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
MS09-032 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
MS09-032 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
MS09-032 Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
MS09-032 Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
MS09-032 Windows XP Professional x64 Edition Service Pack 2
MS09-032 Windows XP Service Pack 2 and Windows XP Service Pack 3
Microsoft Virtual PC and Virtual Server Elevation of Privilege Vulnerability (MS09-033)

Severity

Critical 4

Qualys ID

116509

Vendor Reference

MS09-033

CVE Reference

CVE-2009-1542

CVSS Scores

Base 9 / Temporal 7

Description

Microsoft Virtual PC allows customers to create and run one or more virtual machines, each with its own operating system, on a single computer. Microsoft Virtual Server is a similar solution for server operating systems.
An elevation of privilege vulnerability exists in Virtual PC and Virtual Server because they do not correctly validate whether specific machine instructions require a minimum CPU privilege level in order to run within the guest operating system environment. This may allow user mode applications to execute instructions which should only be issued in kernel mode. (CVE-2009-1542)
Microsoft has released an update that addresses the vulnerability by enforcing validation of privilege levels when executing machine instructions.

Consequence

An attacker who successfully exploits this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Virtual PC 2004 Service Pack 1
Microsoft Virtual PC 2007
Microsoft Virtual PC 2007 Service Pack 1
Microsoft Virtual PC 2007 x64 Edition
Microsoft Virtual PC 2007 x64 Edition Service Pack 1
Microsoft Virtual Server 2005 R2 Service Pack 1
Microsoft Virtual Server 2005 R2 x64 Edition Service Pack 1
Refer to Microsoft Security Bulletin MS09-033 for further details.
Oracle July 2009 Security Update Multiple Vulnerabilities

Severity

Critical 4

Qualys ID

19484

Vendor Reference

CPUJUL2009

CVE Reference

CVE-2009-0987, CVE-2009-1015, CVE-2009-1019, CVE-2009-1020, CVE-2009-1021, CVE-2009-1963, CVE-2009-1966, CVE-2009-1967, CVE-2009-1968, CVE-2009-1969, CVE-2009-1970, CVE-2009-1973

CVSS Scores

Base 9 / Temporal 7

Description

Oracle released a Critical Patch Update advisory for July 2009 that addresses 16 security vulnerabilities.
These are the Oracle database components affected:
- Oracle Net
- HTTP

Consequence

A remote attacker could affect the confidentiality and integrity of data on the target system.

Solution

Workaround:
Until the Critical Patch Update (CPU) fixes are applied, network protocols required to launch the attacks should be restricted to reduce the possibility of successful attacks. For attacks requiring access to certain packages, restriction of privileges can help reduce the chances of an attack.
Impact of workaround:
The above approaches can break certain application functionality. These workarounds should not be used as long-term solutions.
Patch:
Oracle recommends that customers upgrade to the latest supported version of Oracle products in order to obtain the patches. Read Oracle Critical Patch Update Advisory - July 2009 for further information about the products affected and issues addressed.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CPUJUL2009 Oracle
Mozilla Firefox 3.5 TraceMonkey JavaScript Engine Uninitialized Memory Vulnerability (MFSA 2009-41)

Severity

Critical 4

Qualys ID

116510

Vendor Reference

FEDORA-2009-7898, MFSA 2009-41

CVE Reference

CVE-2009-2477

CVSS Scores

Base 9.3 / Temporal 8.1

Description

Firefox is a Web browser application available for multiple platforms.
The application is prone to a remote code-execution vulnerability in the Tracemonkey components of Firefox's JavaScript rendering engine. This issue arises during the processing of JavaScript and may present itself when certain string characters are escaped and subsequently copied to a buffer.
Firefox Version 3.5 is affected with this issue.

Consequence

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts may result in denial of service.

Solution

The vendor has released an update (Firefox Version 3.5.1) to resolve this issue. The update is available at Mozilla Firefox Download site.
Refer to the vendor security advisory MFSA2009-41 for additional information.
Fedora has an update for this, refer to the vendor security advisory FEDORA-2009-7898
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MFSA 2009-41 Windows(Firefox)
MFSA 2009-41) Linux(Firefox)
MFSA 2009-41) Mac OS(Firefox)

These new vulnerability checks are included in Qualys vulnerability signature 1.23.28-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 90503
- 90511
- 110095
- 90512
- 90510
- 116509
- 19484
- 116510
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

July 14, 2009

Advisory overview

Vulnerability details

Microsoft DirectShow Remote Code Execution Vulnerability (MS09-028)

Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (MS09-029)

Microsoft Office Publisher 2007 Remote Code Execution Vulnerability (MS09-030)

Microsoft ISA Server 2006 Elevation of Privilege Vulnerability (MS09-031)

Microsoft Video ActiveX Control Remote Code Execution Vulnerability (MS09-032 and KB972890)

Microsoft Virtual PC and Virtual Server Elevation of Privilege Vulnerability (MS09-033)

Oracle July 2009 Security Update Multiple Vulnerabilities

Mozilla Firefox 3.5 TraceMonkey JavaScript Engine Uninitialized Memory Vulnerability (MFSA 2009-41)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys