Microsoft to batten down the hatches on Windows tighter next Patch Tuesday
Next Tuesday, December 11, Microsoft will be releasing seven security updates, three of which close at least one critical security hole each. First, there is a critical vulnerability in DirectX 7.0 to 10.0; second, in versions 5, 6, and 7 of Internet Explorer; and third, in Windows Media Format Run-Time 7.1 to 11 as well as in Windows Media Services 9.1, both of which are used by various applications including Windows Media Player. According to the vendor's security advisory, all these holes allow code to be remotely injected and executed.
Microsoft has categorized the other four updates as merely "important", although two of the holes could also be exploited to infect a Windows system remotely. As usual, the vendor does not provide any further details in its Advance Notification. The overview of these bugs does, however, belie Microsoft's recent proclamation that the number of holes in its operating system is dropping while the number in applications is rising. At least this month, the number of holes in Windows dominates.
As always, a current version of Microsoft's Windows Malicious Software Removal Tool will be released. In addition to the security updates, seven patches reportedly not related to security will be distributed via Microsoft Update (MU), Windows Server Update Services (WSUS), and Windows Update (WU).
- Microsoft Security Bulletin Advance Notification for December 2007, Microsoft announcement
- Blue Hat Conference: Windows locked, applications open, report by heise Security
(mba)