Microsoft plans to fix an actively targeted zero-day flaw in its Web-based Help and Support Center and plug a display driver bug that could allow remote execution.
In its advance notification issued today, the software giant said it would issue four bulletins, three critical, repairing vulnerabilities in Windows and Microsoft Office.
Microsoft warned last week that it was detecting an increase in attacks targeting a vulnerability in Windows Help and Support Center, a Web-based feature that provides technical support to users. The flaw affects users of Windows XP and Windows Server 2003. It was disclosed last month by Google engineer Tavis Ormandy, a bug hunter known for finding kernel-level operating system coding errors. Not long after the disclosure, thousands of exploits surfaced attempting to target the vulnerability.
A security advisory was issued in May for a vulnerability in the Windows Canonical Display Driver, which handles graphics and DirectX drawing in games and other software programs. The flaw affects Windows 7 and Windows Server 2008 systems. Microsoft called the threat posed by the vulnerability minimal. By exploiting the flaw, an attacker could cause a system to crash and restart.
In addition, three other vulnerabilities affecting Office 2003 and Office 2007 will be addressed by Microsoft. Microsoft also warned that July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms.
In June, Microsoft issued 10 security bulletins, addressing 34 vulnerabilities in Windows, Microsoft SharePoint, Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework,