Patch Tuesday brings critical Windows updates - and more

Stephen Withers
Wednesday, 15 July 2009 06:40

Business IT - Security

There's one Office related bulletin this month. A patch for Publisher 2007 (only) overcomes an issue that allowed a maliciously crafted Publisher file to trigger remote code execution.

The vulnerability is rated important rather than critical, though Microsoft has warned that consistent exploit code is likely to appear.

The remaining bulletin concerns Virtual PC 2004 and 2007, and Virtual Server 2005 R2. This software incorrectly validates privilege levels when executing specific instructions in the Virtual Machine Monitor, leading to an 'important' privilege escalation vulnerability.

According to the Microsoft Security Response Center, the vulnerability allows an attacker to gain full control of the guest operating system once the execution of arbitrary code can be engineered (eg, via a Trojan).

The vulnerability is not present when hardware-assisted virtualisation is being used.

Microsoft also released updates for the Malicious Software Removal Tool and the Windows Mail Junk E-Mail Filter.

A Vista non-security patch addresses a Bluetooth connectivity issue.