Microsoft will next Tuesday with a total of four security updates for its products. Two critical updates affect several Windows products, while two other updates affecting two or more of Microsoft Office packages. One of the two security updates for Office are deemed critical.
In a blog post Microsoft's Jerry Bryant writes that among the vulnerabilities that are removed, there are two that have been publicly known for a while. One of them being actively exploited in attacks.
The one found in the Canonical Display Driver (cdd.dll), used to mix GDI and DirectX-based rendering on the desktop. The other exists in the Windows Help and Support Center and was exposed by Google employees Tavis Ormandy in June.
More information about the upcoming security updates is available here.
Bryant writes further that July marks the end of Microsoft support for Windows 2000 and XP XP2. The users of these systems are advised to upgrade to an operating system or a service package that is still supported.
