August Patch Tuesday delivers a smorgasbord of fixes

Stephen Withers
Wednesday, 12 August 2009 04:59

Business IT - Security

August's Patch Tuesday brings nine security bulletins from Microsoft, covering at least 19 vulnerabilities.

Windows 2000, XP, Vista, and Server 2003 and 2008 are all covered by this month's updates.

"This month had the potential to be the month of ATL [Active Template Library] bug fixes, but it has turned out to be more of a smorgasbord. These updates are going to require lots of IT resources for testing and deployment," said Andrew Storms, director of security operations at nCircle.

The ATL bug fixes mentioned by Storms are in addition to those delivered in an out-of-cycle update released late last month. The ATL vulnerabilities allow remote code execution. Software covered by the latest patches include Outlook Express, Windows Media Player, and certain ActiveX controls.

Microsoft warns that at least one one the vulnerabilities (in the MPEG2TuneRequest control) is already being exploited.

There are several other critical updates.

Multiple vulnerabilities in Microsoft Office Web Components can allow malicious web pages to trigger remote code execution. In addition to Microsoft Office itself, Visual Studio, ISA Server and BizTalk Server are affected.

There's more, so please read on.