Microsoft plans to ship six security bulletins next Tuesday as part of its monthly patch cycle. Three of them are rated as critical and affect several Windows versions, according to the Security Advisory, while the remaining three are rated as important and bring fixes for other Microsoft products – Publisher, Internet Security and Acceleration (ISA) Server and Virtual PC and Virtual Server.
The critical patches include one for a previously disclosed vulnerability in DirectShow, which has seen “limited attacks” in the form of specially crafted QuickTime files that could allow remote code execution. Microsoft also says it has been working around the clock to produce an update for the “browse-and-get-owned” ActiveX flaw in time for Tuesday, but it isn't making promises at this point. The company issued a warning for the flaw earlier this week and advised customers to temporarily disable the ActiveX component in Internet Explorer.
Microsoft provided few details about the third critical update, except to say that it affected all versions of Windows. More information will be available on the Security Research and Defense blog next week.