Microsoft to close four critical security holes
Next Tuesday, September 9, Redmond will release four updates to close critical security holes in Windows, Office, Windows Media Player and Windows Media Encoder.
According to the software vendor's announcement, all four holes can be used remotely to inject and execute code. While no detailed information has been released yet, users probably have to open a specially crafted file for the attack on Office to succeed. It is not clear whether the flaw in Windows Media requires a visit to a web site.
The holes in Windows, Windows Media Player and Windows Media Encoder all affect Windows 2000, XP (32/64), Vista (32/64), Windows Server 2003 and Windows Server 2008. In the latter, the flaw cannot, however, be found if the option for Server Core installation is set. As usual, an updated version of the Malicious Software Removal Tool will be included. Microsoft also plans to distribute updates for the Windows Mail Junk E-Mail Filter and other flaws not related to security.
- Microsoft Security Bulletin Advance Notification for September 2008, Microsoft's announcement
- Description of Software Update Services and Windows Server Update Services changes in content for 2008, a list of updates not related to security