Microsoft plans to issue three critical updates as part of its monthly batch of patches scheduled to be released on Tuesday.
The software giant said in its Patch Tuesday advance bulletin that the updates will address flaws in Microsoft Windows, Windows Server and Internet Explorer. The vulnerabilities could be exploited by attackers remotely to run malicious code and gain access to a victim's machine.
According to the advance bulletin, the updates address an issue with Internet Explorer that affect Windows 2000, Windows XP, Windows Vista and Windows Server 2003. The issues may be exploited via DirectX and affect versions 5.01 and higher of Internet Explorer.
Flaws labeled important will be addressed affecting Windows Server 2008. The holes could be exploited by an attacker to elevate their privileges or cause a denial of service condition. Microsoft said the vulnerability addressed by the update does not affect supported editions of Windows Server 2008 if it was installed using the Server Core installation option.
The patches Tuesday will also include an update of Microsoft's Windows Malicious Software Removal Tool. The update will be delivered via Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS), and the Download Center.
Microsoft's Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), said the advance bulletin is preliminary and could be changed. It is released to help administrators plan for the updates, he said in the MSRC blog.
Last week, Microsoft warned Apple Safari users of new vulnerability. In an advisory, the software maker urged Safari users to change the browser's default download location. The problem is a bug in the default download location in Safari and in the way Windows handles executable files. An attacker could exploit the vulnerability by tricking users into visiting a website to download malicious content to the user's machine.