MS09-033 fixed a vulnerability in Virtual PC and Virtual Server which involves elevation of privilege. I’d like to use this blog post to clarify what the security impact is of this vulnerability, to help you make an informed decision about how you prioritize the installation of this update »

The ISA blog has a really great post this morning about MS09-031 . »

Today we released MS09-029, which addresses vulnerabilities related to EOT font files. »

Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file »

Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. »

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change,... »

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation... »

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated... »

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system »

Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. »