Microsoft plans to issue seven security updates — three of which are rated “critical” — in its monthly Patch Tuesday release next week.
Several of the patches deal with preventing remote code execution (RCE). Attackers could potentially take advantage of vulnerabilities by remotely running malicious code and gaining access to an unsuspecting user’s computer.
The listed fixes are designed to correct a variety of problems with Internet Explorer that affect Windows 2000, Windows XP, Windows Vista and Windows Server 2003.
One critical fix focuses on the way Bluetooth, a wireless protocol utilizing short-range communications technology, works with various Windows components and the Windows XP, Server 2003 and Vista operating systems.
Another critical fix pertains to every version of Internet Explorer from IE 5.01 through IE 7. Several operating systems are affected: Windows 2000, XP, Windows Server 2003, Vista and Windows Server 2008.
Also among the critical fixes is one that deals with DirectX, a collection of application programming interfaces designed for handling multimedia tasks such as game programming. This update affects Windows 2000, Vista, and Windows Server 2003 and 2008.
Important and Moderate Fixes
In addition to the three critical patches, Microsoft is rolling out three patches rated “important” and one rated “moderate.”
One of the important patches affects all versions of Windows Server 2003 and includes a fix for Windows Internet Name Service (WINS), which acts as a central mapping of host names to network addresses. This update prevents hackers from intruding and gaining unauthorized administrative privileges.
Another important patch affects Active Directory settings in Windows XP, Windows Server 2003 and some versions of Windows Server 2008. The main purpose of Active Directory is to provide central authentication and authorization services for Windows-based computers. It also permits administrators to assign policies, utilize software, and apply critical updates to an organization. This fix prevents hackers from locking authorized users out of their systems through denial-of-service exploits.
The third important patch deals with file transfers.
The moderate patch involves the “kill bit” function, which is a method that users can employ to shut off ActiveX controls in IE.
Besides the seven patches, Microsoft is releasing an update of its Windows Malicious Software Removal Tool on Tuesday. The update will be distributed via Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Microsoft will provide more specific information when it officially posts the bulletins on Tuesday, company spokesperson Allison Hammer told TechNewsWorld.