Microsoft To Fix 13 Flaws In Windows, Office, IIS For Tuesday Release

Microsoft plans on issuing a "wide load" security update for its upcoming Patch Tuesday release, incorporating nine bulletins that address 13 vulnerabilities.

The upcoming Microsoft security update addresses four flaws Microsoft designated with the highest severity ranking of "critical," while the rest are all ranked with the slightly less severe rating of "important."

The critical patches address security vulnerabilities in Windows XP, Windows 2003 and Vista, Internet Information Services (IIS) and Microsoft Office, while glitches in Windows 7 and Windows Server 2008 R2 are primarily covered by updates deemed "important."

Security experts say that there is a strong possibility that the impending bulletins will address some of the recent DLL hijacking issues actively exploited in Microsoft's products with a revised guidance for Hotfix.

"Currently it is the only at the advisory level and users have to make an active decision to get protection against DLL hijacking in third party applications," said Wolfgang Kandek, Qualys chief technology officer, in a blog post.

Last month was the first in which Microsoft completely cut off support for Windows XP SP2, but the majority of updates of XP SP3 also can still be applied to the discontinued version.

However, that won't always be the case. "Windows XP SP2 users should upgrade to SP3 as quickly as possible," Kandek said.