10 patches planned for Microsoft's Patch Tuesday – but none for DirectShow
On next Patch Tuesday, the 9th of June, Microsoft plans to release six updates for Windows and one each for Internet Explorer, Word, Excel and Office. Four of the holes in Windows are rated as important and the rest are rated critical because they can allow attackers to compromise a users system.
In addition, Microsoft also finally plans to patch Office 2004 and 2008 for Mac to fix 14 known security vulnerabilities in PowerPoint. The software giant updated the Windows versions on the previous Patch Tuesday.
According to the Microsoft Security Response Center, the hole in DirectShow has not been closed because the patch has not yet "reached the appropriate level of quality for broad distribution." The Response Center said it's continuing to monitor the situation closely and suggests that customers download and use the provided workaround, which is available as an installer file (.msi). It deletes a specific registry key and prevents QuickTime movies from being parsed in the vulnerable Quartz.dll library.
The WebDAV hole in Internet Information Server (IIS) 5.0, 5.1 and 6.0 also remains unpatched. So far, the Security Response Center has only released descriptions of workarounds – such as disabling WebDAV or restricting the access of anonymous users.
See also:
- Microsoft warns about critical DirectShow vulnerability, a report from The H.
- Microsoft confirms vulnerability in Internet Information Server, a report from The H.
- Microsoft update closes fourteen vulnerabilities in PowerPoint, a report from The H.
(crve)