Zheng Wenbin

**Name of the Vulnerable Software and Affected Versions** Windows Vista SP2 Windows Server 2008 SP2 Windows Server 2008 R2 Windows Server 2008 R2 SP1 Windows 7 Gold Windows 7 SP1 **Description** A denial of service issue exists due to improper parsing of file metadata by the kernel. This allows local users to cause a system crash via a crafted file. An attacker who successfully exploits this issue could cause the affected system to crash. **Recommendations** For Windows Vista SP2, update to a newer version to mitigate the risk. For Windows Server 2008 SP2, update to a newer version to mitigate the risk. For Windows Server 2008 R2, update to a newer version to mitigate the risk. For Windows Server 2008 R2 SP1, update to a newer version to mitigate the risk. For Windows 7 Gold, update to a newer version to mitigate the risk. For Windows 7 SP1, update to a newer version to mitigate the risk.

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c Description: The issue allows remote attackers to execute arbitrary code via a crafted QuickTime media file. This has been exploited in the wild. Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, update to a version that is not affected by this issue to prevent remote attackers from executing arbitrary code.