The three critical updates fix holes in Windows, and one in Internet Explorer, which all allow remote code execution using Bluetooth, IE and DirectX. The three important updates all relate to Windows and remote code execution as does the single moderate update. The company is also releasing an updated version of its Malicious Software Removal Tool.
The patch will fix IE6 and IE7 running in all supported editions of Windows, including Windows 2000, XP, Server 2003, Vista and Server 2008. Microsoft has pegged the IE fixes in the client operating systems as critical, but only as moderate on the server side.
In addition to the three critical flaws, Microsoft is releasing three bulletins rated “important” affecting numerous versions of Windows in PGM, Active Directory and WINS. If exploited, the flaws in both PGM and Active Directory could lead to a denial of service attack.
The seven-update list is “one of the most diverse and interesting in a long time. It runs the gamut as far as the distribution of where they are in the operating system and software. The only thing we’re missing is [a vulnerability for] Excel or Outlook, and we’d have one for everything that Microsoft makes,” said Andrew Storms, director of security operations at nCircle Network Security Inc.
Source: Channel WebFiled under Enterprise Software | Tags: Bluetooth, DirectX, IE, Microsoft, PGM, Security Bulletin, The client, Vista, Windows 2000, WINS | Comment Below