This month’s Patch Tuesday saw the release of six new bulletins, two of which address zero-day flaws.
Updates MS09-028 through 033 patch vulnerabilities in Windows, Office, ISA Server, Internet Explorer and Virtual PC. The two zero-days affect DirectShow video streaming software and a new Video Controller ActiveX control. Both have been targeted by attackers recently.
Not included in the July bundle is a fix for a new flaw in Microsoft’s Office Web Components, which can give an attacker full user rights of a system. An automatic workaround has been issued while Microsoft works on a permanent patch for the flaw, which affects a number of Microsoft Office products.