Microsoft to fix 25 holes in Windows, Office, Exchange

Among the holes fixed by updates on Patch Tuesday will be vulnerabilities in VBScript and SMB that are exposed to attack due to exploit code being in the wild.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

April 8, 2010 12:06 p.m. PT

Microsoft will issue 11 security bulletins in next week's Patch Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange, including two holes for which exploit code is in the wild.

Five of the bulletins address critical vulnerabilities that could allow an attacker to take control of the computer, five are rated important, and one is rated moderate.

With the updates, Microsoft will be closing two outstanding security advisories that have been worrisome because code to exploit the vulnerabilities is available publicly.

One of the advisories is 981169, which involves a vulnerability in VBScript that could allow the remote execution of code and a complete takeover of the system. Disclosed on March 1, it affects older versions of Windows running Internet Explorer.

The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to November.

Software affected by the updates: Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010.

Also on Tuesday, Adobe Systems will release its latest security updates for Reader and Acrobat via a new update system. Adobe has quarterly security update releases that coincide with Patch Tuesdays.