Windows-based IT shops can expect six security updates next week, Microsoft announced on its TechNet Web site Thursday.
While full details on the vulnerabilities won't be released until Tuesday, the software giant did
The company will also update its Malicious Software Removal tool on Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS) and the Download Center.
The software giant will also issue one non-security, high-priority update for Windows on WU, MU, Software Update Services (SUS) and WSUS.
"Although we do not anticipate any changes, the number of bulletins,
It's unclear if the upcoming fixes will address security holes that have come to light since Microsoft's July patch release.
The latest flaw was reported Monday by Aliso Viejo, Calif.-based eEye Digital Security. The company said attackers could exploit a flaw in multiple versions of Windows to launch malicious code. "A vulnerability in default installations of the affected software allows malicious code to be executed," iDefense said. The firm wouldn't divulge additional details, but said it is high severity and could be exploited remotely.
The vulnerability affects Internet Explorer, Windows 2000 and 2003; Windows XP and Windows XP SP1. eEye said workarounds are unlikely because the affected component can't be turned off, disabled or uninstalled.
Meanwhile, security consultant and author Michal Zalewski discovered flaws in how Internet Explorer handles .jpg images. Zalewski said attackers could exploit one of the flaws remotely to launch malicious code.
The researcher posted four proof-of-concept images on the Web that could be used to exploit the flaws. Each could be used to crash Internet Explorer, even if users have XP SP2. Two of the exploit images also cause memory and CPU problems.
Microsoft said it would comment on eEye's discovery after reviewing the advisory. The company has also said it's investigating Zalewski's findings.