Microsoft released 6 security bulletins as announced. The actively exploited security hole in a video ActiveX component gets fixed by the updates, also flaws in DirectShow, the Embedded OpenType Font Engine, VirtualPC and -Server, ISA Server and Office 2007. A fix for the recently discovered vulnerability in Office, ISA Server 2004 and 2006 which also gets exploited on the net already is still missing though – so please apply the workarounds described in Microsofts security advisory or use the provided Fix-it-tool.
Microsoft expects exploits for all fixed vulnerabilities within the next 30 days according to the Exploitability Index of the security bulletin summary. The patches should be applied as soon as possible therefore to protect the own computer and/or network.
- Enter about:config in the browser’s location bar.
- Type jit in the Filter box at the top of the config editor.
The developers are currently working on a fix. Until then it is a good idea to implement the described workaround.