Microsoft plans to issue seven sets of security patches next week, including critical fixes for DirectX, Internet Explorer and Bluetooth wireless software for Windows.
The updates are due Tuesday, the day Microsoft had previously scheduled to release its security patches. Fixes are also slated for Active Directory, the Windows Internet Name Service (WINS) and the Pragmatic General Multicast (PGM) protocol, used by Windows to stream media to many recipients. These updates are all rated “important.”
A seventh update, rated “moderate,” is listed as a “Kill Bit” update for Windows. This type of patch will disable code that is known to have a security bug.
“The Kill Bit will more than likely be for a third-party application,” said Andrew Storms, director of security operations with security vendor nCircle.
Lately, Microsoft’s security group has had to pay more attention to software that runs on top of Windows, as attackers have increasingly looked to products like QuickTime, Adobe’s Flash and other media players when devising their attacks.
Last Friday, Microsoft warned that a widely publicized flaw in Apple’s Safari browser could be combined with another Microsoft bug to let attackers run unauthorized software on a victim’s PC.
It’s not clear whether Microsoft plans to patch that bug. The IE update could include a fix, although it’s unlikely that Microsoft has had enough time to run this software through its testing process, Storms said.
It is unusual for Microsoft to patch Bluetooth, a protocol used to connect devices like headsets to Windows, but added that “the more interesting question is will this patch and/or the bug extend into Windows mobile where it will more than likely have a greater impact?”
Microsoft announced the planned patches in a note posted to its Web site on Thursday.