Microsoft plans to patch 34 holes
Next Tuesday Microsoft plans to close 34 vulnerabilities in Windows, Internet Explorer and Office. Six of the announced bulletins alone refer to vulnerabilities in the Windows operating system, with the company rating four of the vulnerabilities critical. The bulletin for Internet Explorer is also rated critical, although the exact number of holes to be closed remains unclear.
A vulnerability that was disclosed in February and allows specially crafted web pages to read arbitrary files on a Windows PC is now also scheduled to be closed. All versions of Internet Explorer from 5.01 to 8 on all supported Windows platforms are generally affected by this hole. In Internet Explorer 7 and 8 under Windows 7, Vista and Server 2003/2008, the hole can't be exploited when the web browser is running in protected mode – which is the default setting. Another patch is to close a cross-site scripting hole in SharePoint.
- Microsoft issues warning about XSS hole in SharePoint, a report from The H.
- Microsoft confirms new vulnerability in Internet Explorer, a report from The H.