Microsoft Preps 3 Critical Fixes for Patch Tuesday Release

Microsoft plans to issue seven security updates -- three of which are rated "critical" -- in its monthly Patch Tuesday release next week.

Several of the patches deal with preventing remote code execution (RCE). Attackers could potentially take advantage of vulnerabilities by remotely running malicious code and gaining access to an unsuspecting user's computer.

The listed fixes are designed to correct a variety of problems with Internet Explorer that affect Windows 2000, Windows XP, Windows Vista and Windows Server 2003.

Critical Patches

One critical fix focuses on the way Bluetooth, a wireless protocol utilizing short-range communications technology, works with various Windows components and the Windows XP, Server 2003 and Vista operating systems.

Another critical fix pertains to every version of Internet Explorer from IE 5.01 through IE 7. Several operating systems are affected: Windows 2000, XP, Windows Server 2003, Vista and Windows Server 2008.

Also among the critical fixes is one that deals with DirectX, a collection of application programming interfaces designed for handling multimedia tasks such as game programming. This update affects Windows 2000, Vista, and Windows Server 2003 and 2008.

Important and Moderate Fixes

In addition to the three critical patches, Microsoft is rolling out three patches rated "important" and one rated "moderate."

One of the important patches affects all versions of Windows Server 2003 and includes a fix for Windows Internet Name Service (WINS), which acts as a central mapping of host names to network addresses. This update prevents hackers from intruding and gaining unauthorized administrative privileges.

Another important patch affects Active Directory settings in Windows XP, Windows Server 2003 and some versions of Windows Server 2008. The main purpose of Active Directory is to provide central authentication and authorization services for Windows-based computers. It also permits administrators to assign policies, utilize software, and apply critical updates to an organization. This fix prevents hackers from locking authorized users out of their systems through denial-of-service exploits.

The third important patch deals with file transfers.

The moderate patch involves the "kill bit" function, which is a method that users can employ to shut off ActiveX controls in IE.

Besides the seven patches, Microsoft is releasing an update of its Windows Malicious Software Removal Tool on Tuesday. The update will be distributed via Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Microsoft will provide more specific information when it officially posts the bulletins on Tuesday, company spokesperson Allison Hammer told TechNewsWorld.