Six security bulletins were released by Microsoft for July, which covers one of the two vulnerabilities exploited by cybercriminals in the last 2 weeks.
The Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution was used in a zero-day attack last week that involved around 967 compromised Chinese websites. A script that triggered the exploit was inserted in the said websites, which when successfully executed drops WORM_KILLAV.AI into the affected system. The security advisory MS09-032 already addresses the vulnerability used in this attack.
Here is the full list of security advisories issued for this month:
- (MS09-028) Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
- (MS09-029) Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
- (MS09-030) Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
- (MS09-031) Vulnerabilities in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
- (MS09-032) Cumulative Security Update of ActiveX Kill Bits (973346)
- (MS09-033) Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
The Office Web Components ActiveX vulnerability is the other vulnerability used in a malware attack this month. Similar to the zero-day attack, a script that triggers the exploit was inserted in compromised websites. This placed any visitor of the compromised websites who hasn’t updated their system at risk of being affected by TROJ_DLOADR.DOF, which drops a rootkit component detected as TROJ_ROOTKIT.DOF, and downloads TROJ_DLOADR.UIG and TROJ_INJECT.AKI. A patch for the said vulnerability hasn’t been issued, but Microsoft provided a workaround, to protect users while an update is being developed.
Meanwhile, users are advised to update their systems as soon as possible.
If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!
