Microsoft Plans Seven Security Fixes Next Week

Microsoft on Thursday said it will fix seven security vulnerabilities next week for its June 10 Security Bulletin.

Three of the vulnerabilities to be addresses are rated "critical," three are rated "important," and one is rated "moderate."

The "critical" flaws affect Bluetooth and DirectX in certain versions of Microsoft Windows and Microsoft Internet Explorer. The "critical" designation typically means an attack could exploit the vulnerability to execute malicious code remotely on an affected system.

The "important" flaws affect Windows Internet Name Service, Active Directory, and Pragmatic General Multicast. The WINS issue could allow for user privilege elevation, while the Active Directory and PGM vulnerabilities could allow a denial-of-service attack.

The "important" flaw affects a Windows registry Kill Bit, which is used to disable ActiveX controls. Microsoft says the vulnerability could lead to remote code execution, but it apparently believes mitigating factors make this vulnerability less dangerous.

Microsoft will release more specific information about the vulnerabilities next week.

The Internet Explorer fix may be related to a zero-day vulnerability published last month by security researcher Aviv Raff.

The flaw Raff discovered has to do with a Cross-Zone Scripting vulnerability in the "Print Table of Links" feature in Internet Explorer. It allows an attacker to construct a malicious Web page that, when printed, opens a hole so the attacker can execute arbitrary code. Raff said Microsoft has been told of the flaw and plans to fix it.

In May, Microsoft issued four security bulletins about six vulnerabilities.