Microsoft announces patches for IE, Bluetooth and DirectX
Microsoft will be closing three critical and three important security holes on its next patch day, Tuesday 10 June. A further update being issued at the same time is classified as moderately important. The Bluetooth Bulletin, the Internet Explorer Bulletin and the DirectX Bulletin deal with at least one critical hole each that allows code to be injected and run. This puts them into the highest risk category.
The Bluetooth patch relates to the protocol stack supplied with Windows XP, including XP with Service Pack 3, and with Windows Vista with Service Pack 1. A whole series of versions of Internet Explorer from 5.01 to 7, and DirectX 7.0 to 10.0 are vulnerable. The advance notification does not say whether the hole is less serious in any of these, or perhaps in combination with certain versions of Windows. As always, it only states the maximum severity.
The important updates concern denial-of-service problems in Active Directory and the Pragmatic General Multicast (PGM) transport protocol, and also the possibility of escalated privileges being obtained through WINS name resolution. A Kill Bit Bulletin classified as moderately important concludes the patch announcement. Microsoft will also be publishing a new version of the Malicious Software Removal Tool next Tuesday.
- Microsoft Security Bulletin Advance Notification for June 2008, English version