MICROSOFT announced yesterday it will issue six security updates next week, including a critical update to fix holes in DirectX that have been targeted in attacks.
The company announced in May there had been attacks against a DirectX vulnerability that could allow someone to take complete control of a computer using a QuickTime file.
Earlier this week, Microsoft warned of attacks being launched that exploit a hole in the Video ActiveX Control when used in Internet Explorer.
The company said the critical vulnerabilities affecting various Windows versions could allow an attacker to run code remotely, while one of the non-critical holes involving Virtual PC and Virtual Server would allow remote code execution and the other non-critical holes could allow elevation of privilege.
Affected software for the critical updates is Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and 2008. The versions of Direct X affected are DirectX 7.0, 8.1 and 9.0.
The non-critical updates affect 2007 Microsoft Office System Service Pack 1, Microsoft Internet Security and Acceleration Server 2006, Microsoft Virtual PC 2004 and 2007, and Microsoft Virtual Server 2005 R2.
Add a comment