Microsoft to release critical Windows fixes next Tuesday
Microsoft on Thursday issued advance notification of six security bulletins – three of which are Windows updates deemed critical – that will be released on July 14.
Critical is the highest ranking that Microsoft gives security updates. The three other updates are classified as important, which is the second-highest ranking, and affect Publisher, Internet Security and Acceleration Server, and Virtual PC and Virtual Server.
According to a Thursday post on the Microsoft Security Response Center, one of the Windows updates will address a vulnerability in the Microsoft Video ActiveX Control. This vulnerability could give an attacker the same user rights as the PC’s owner, allowing for remote code execution. Because code execution in Internet Explorer is done remotely, and therefore doesn’t require user intervention, an attacker could exploit the vulnerability to deploy malware on the unsuspecting user’s PC.
Microsoft on Monday recommended that Windows XP and Windows Server 2003 users remove support for the Microsoft Video ActiveX Control.
Another of the Windows critical updates is designed to address vulnerability in Microsoft’s multimedia framework and API called DirectShow, part of DirectX that could allow for remote code execution if a user opened a certain QuickTime media file. Remote execution of code means that an attacker could exploit the vulnerability to deploy malware on the unsuspecting user’s PC.
The blog post says Microsoft is aware of some active attacks that leverage this vulnerability, and is therefore working on an update to patch it.
Microsoft will host a webcast on Wednesday July 15 at 11am Pacific Time to answer customer questions regarding the bulletins.
Do you tweet? Follow me on Twitter here.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.






