Jul 10, 2009

Microsoft's Next Patch Tuesday Could Be Big

Next Tuesday, July 13, Microsoft will issue 6 security bulletins and updates to fix the vulnerabilities described in them. Among these will be a DirectShow vulnerability disclosed in May and, possibly, the zero-day vulnerability that hit the Internet this week.

Three of the bulletins affect Microsoft Windows and all are critical on Windows 2000 and Windows XP. The first, for now designated "Windows 1," is rated critical on every shipping Windows platform and must be a doozy. The second appears to be for the DirectX flaws mentioned above, and affects Windows 2000, Windows XP and Windows Server 2003. The last affects only Windows XP (critical) and Windows Server 2003 (Moderate).

The other 3 vulnerabilities have the less-urgent rating of Important: one in Publisher 2007, one in ISA (Internet Security and Acceleration) Server 2006, and one in several current versions of Virtual PC and Virtual Server.

A Microsoft blog on the update advance notification indicates that they believe they will be able to get an update of sufficient quality for the zero-day DirectX attack in time for Tuesday, but they aren't making promises at this point. In the meantime they recommend using the kill-bit workaround, a link to which they include in their blog.

The usual monthly update will also be put out for the Malicious Software Removal Tool and the Windows Mail Junk Filter. There will be a non-security update to Vista that should fix intermittent failures experienced by users that have a Bluetooth radio connected to a USB 2.0 hub.
