Microsoft today gave advance notice of a security bulletin it will release on Tuesday to repair seven vulnerabilities in Windows and Internet Explorer, three of them critical.
The three critical warnings involve potential remote code execution, and affect Bluetooth, DirectX and IE. According to reports, the IE patch might also include fixes for the so-called “Carpet Bomb” threat to Apple’s Safari browser made known recently by Nitesh Dhanjani. Microsoft last week issued a separate security warning about the “blended threat” to Safari on Windows XP and Vista as well as Internet Explorer versions 6 and 7, which only affects those who have not changed IE’s default download location.
Of the latest threats, three are classified as important; they involve elevation of privilege in WINS, and denial of service in Active Directory and Microsoft’s PGM multicast protocol. One threat, classified as moderate, involves remote code execution and Kill Bit, the company’s ActiveX function control designed to stop such attacks. The threats apply variably to components of Windows 2000, XP, Server 2003, Vista and Server 2008. The bulletin contains full details of which operating systems require which patches.
To further explain the threats and field questions about the bulletin, Microsoft will host a Webcast on Wednesday, June 11, at 11:00 am Pacific time. The company also will release an update to its Windows Malicious Software Removal Tool, though it did not specify a date. The tool will be available through Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center Websites.