Microsoft released six bulletins for July on Tuesday,three of the vulnerabilities are rated "Critical," and the other three are marked as "Important.".All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine.
- MS09-029: This covers two vulnerabilities in the Microsoft Windows component, Embedded OpenType Font Engine. The vulnerabilities could allow remote code execution. Rated “critical” for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
- MS09-028: This update fixes three separate vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file.
- MS09-032: This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer that uses the ActiveX control. This rated “critical”for all supported editions of Windows XP and “moderate” for all supported editions of Windows Server 2003.
Three other bulletins were issued to cover a solitary bug in Microsoft Virtual PC and Microsoft Virtual Server; a privilege escalation issue in Microsoft Internet Security and Acceleration (ISA) Server 2006; and a remote code execution hole in Microsoft Office Publisher.
More details here :http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx