Microsoft to fix Windows 2003 and Windows XP

Microsoft posted several bulletins for next Tuesday’s Windows Update release for Windows Server 2003 and Windows XP.

One of the bulletins bears a “critical” rating, Microsoft’s most severe rating, which mostly indicates a fix for a flaw that would allow an attacker take complete control of a personal computer without user interaction. The fixes will be publicly released for Windows Server 2003 and Windows XP.

The other bulletin addresses a spoofing vulnerability. According to Microsoft, a successful exploitation of the flaw would give an attacker to rights to change the forwarding address bar in Internet Explorer so the user would be unaware of the fact that he was visiting a phishing website.

This second bulletin is rated “important” and is only needed by those who run Windows Server 2003.

Windows XP issues relating to URI-handling vulnerability that hackers have been exploiting will most likely be fixed. Hackers sent out a bunch of junk e-mails last week containing maliciously crafted PDF files. When opened, it installs password-stealing programs on the victim’s machine.

The two bulletins will become available next Tuesday, on November 13. Microsoft will host a webcast to address consumer questions on these bulletins on November 14, 2007, at 11:00 AM Pacific Time (US & Canada).