Browse And Get Owned Patch Coming Tuesday
In an advanced summary of its upcoming July 14 security patch, Microsoft said it plans to release six security bulletins on Tuesday. Three of these will be listed as critical updates for Windows; one of them affects Windows Vista and Windows Server 2008. There will also be an important update for Publisher, an important update for Internet Security and Acceleration (ISA) Server, and an important update for Virtual PC and Virtual Server.
According to Jerry Bryant, senior security program manager at Microsoft, Microsoft is aware of limited attempts to exploit the DirectShow vulnerability. Trend Micro and Websense have found evidence to show that the ActiveX flaw is actively being exploited on Web sites in China. “Around 967 Chinese websites are reported to be infected by a malicious script that leads users to successive site redirections and lands them to download a .JPG file containing the exploit.” wrote Roland Dela Paz, a Trend Micro security engineer, in a blog post.