Microsoft will issue 11 security bulletins in next week's Patch Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange, including two holes for which exploit code is in the wild.
Five of the bulletins address critical vulnerabilities that could allow an attacker to take control of the computer, five are rated important, and one is rated moderate.
With the updates, Microsoft will be closing two outstanding security advisories that have been worrisome because code to exploit the vulnerabilities is available publicly.
One of the advisories is 981169, which involves a vulnerability in VBScript that could allow the remote execution of code and a complete takeover of the system. Disclosed on , it affects older versions of Windows running Internet Explorer.
The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to .
Software affected by the updates: Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010.
Also on Tuesday, Adobe Systems will release itsfor Reader and Acrobat via a new update system. Adobe has quarterly security update releases that coincide with Patch Tuesdays.