The software maker says seven security updates are on the way next week. One has been ranked "moderate," three as "important," and the remaining three reached "critical," its most severe rating.The planned patches include those for Bluetooth, its Internet Explorer Web browser, DirectX, and Active Directory.
Microsoft's Security Bulletin Advance Notification, which is published the Thursday prior to Patch Tuesday, doesn't provide many details into the flaws, other than their severity rating and affected software. Rather, the notification is meant to give network operations teams a heads-up to prepare for the monthly patch cycle.
The three critical flaws are in Bluetooth, IE, and DirectX. Remote code execution is possible with all three vulnerabilities, which means they're exploitable across the Internet, and potentially "wormable."
While it appears that all three critical flaws will be of concern to consumers and businesses alike, two of the three important bulletins affect server software, Active Directory, the Windows Internet Name Service.
The final, and moderate, vulnerability, has only been identified as a "Kill Bit Bulletin," which indicates that is probably a workaround aimed at an at-risk third-party application.