Microsoft is gearing up to release six security bulletins on July 14 for various software products, including Windows clients running the latest available service packs. Half of the bulletins coming next week target the Windows client and server platforms; the rest patch vulnerabilities in Publisher, Internet Security and Acceleration (ISA) Server, and Virtual PC and Virtual Server. All the non-Windows security bulletins planned for release on July 14 carry a severity rating of just Important. By contrast, the three Windows patch packages are rated Critical.
Jerry Bryant, Microsoft security program manager, revealed that Microsoft would also provide patches for two Windows vulnerabilities that are currently being actively exploited in the wild. “We will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers,” Bryant stated.
Microsoft initially warned of the zero-day DirectX vulnerability in Windows XP at the end of May 2009. At that time, the company acknowledged that it was aware of a limited number of targeted attacks built around exploits for this security flaw. With the July release of monthly security patches, the software giant will also resolve a second Critical zero-day vulnerability that is already being exploited in the wild.
“Our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed. In the meantime, we encourage customers to continue to enable the workaround by running the ‘Microsoft Fix it’ solution in the associated knowledge base article (KB972890),” Bryant added.