Microsoft has outlined nine of the
security bulletins it expects to release for its patch release on Tuesday.
Six of the bulletins address vulnerabilities that have a maximum severity
rating of 'critical', Microsoft's highest alert level. The remaining three
patches all carry a maximum rating of 'important'.
Advertisement
The potential impact of a vulnerability will commonly vary for different
software versions, so Microsoft categorises each bulletin by its maximum risk
level.
Five of the nine bulletins concern vulnerabilities found in software for
Windows Vista. Of those, two are listed as 'critical' and three as 'important'.
The two critical vulnerabilities affecting Vista lie within the XML Core
Services component and
Internet
Explorer 7. If exploited, both vulnerabilities could allow an attacker to
remotely take control of a target system.
The three 'important' fixes address flaws in Internet Explorer 7, Media
Player 11, and one bulletin for a flaw in Vista itself.
Other bulletins address critical vulnerabilities in Internet Explorer 6,
Office 2000, and both Windows XP and 2000.
Also included in the update is a fix for a critical vulnerability in the OS X
version of Office 2004. The same vulnerability is listed as critical for Windows
XP and 2000, as well as Visual Basic 6.0.
Microsoft's Virtual PC virtualisation offering will also receive one patch,
rated 'important'.
Additional bulletins may be added by Microsoft before the official monthly
patch is released on Tuesday, 14 August.
Do you agree?
Have your say on this article