In association with heise online

05 June 2009, 11:06

10 patches planned for Microsoft's Patch Tuesday – but none for DirectShow

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

On next Patch Tuesday, the 9th of June, Microsoft plans to release six updates for Windows and one each for Internet Explorer, Word, Excel and Office. Four of the holes in Windows are rated as important and the rest are rated critical because they can allow attackers to compromise a users system.

In addition, Microsoft also finally plans to patch Office 2004 and 2008 for Mac to fix 14 known security vulnerabilities in PowerPoint. The software giant updated the Windows versions on the previous Patch Tuesday.

According to the Microsoft Security Response Center, the hole in DirectShow has not been closed because the patch has not yet "reached the appropriate level of quality for broad distribution." The Response Center said it's continuing to monitor the situation closely and suggests that customers download and use the provided workaround, which is available as an installer file (.msi). It deletes a specific registry key and prevents QuickTime movies from being parsed in the vulnerable Quartz.dll library.

The WebDAV hole in Internet Information Server (IIS) 5.0, 5.1 and 6.0 also remains unpatched. So far, the Security Response Center has only released descriptions of workarounds – such as disabling WebDAV or restricting the access of anonymous users.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit