Microsoft plans to release two out-of-band security bulletins Tuesday to plug security vulnerabilities in Visual Studio and Internet Explorer (IE).
In a Microsoft Security Bulletin advance notification, the software giant said application developers should be aware of updates.
"While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications," wrote Mike Reavey, group manager at the Microsoft Security Response Center in the MSRC blog. "The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."
The Visual Studio update is rated as moderate. Reavey said the IE update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin. The vulnerabilities were privately and responsibly reported, he said.
On July 14, Microsoft repaired critical zero-day flaws affecting the video streaming technology in Windows, as part of its monthly Patch Tuesday updates. It left a newly discovered hole in Office Web Components wide open, despite being actively targeted by hackers.
Microsoft repaired a flaw related to its DirectShow video streaming software, identified in May, as well as a recently reported Video Controller ActiveX control flaw. The vulnerabilties were being actively targeted in ongoing attacks.
The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is in the Spreadsheet ActiveX Control, which is used by IE.
Microsoft is hosting two webcasts to address customer questions on the out-of-band bulletins at 1 p.m. and 4 p.m. PT on Tuesday. Registration is required.