Microsoft to fix 34 holes in Windows, Office, IE

Microsoft will on Tuesday issue 10 bulletins fixing 34 vulnerabilities affecting Windows, Office, and Internet Explorer.

Six of the bulletins affect Windows, with two of those rated critical by Microsoft. Two bulletins target Office, one targets both Windows and Office, and one critical bulletin affects Internet Explorer, according to a Microsoft Security Response Center blog post on Thursday.

Microsoft also said that with the June bulletins it will be closing Security Advisory 983438, which involves a vulnerability in SharePoint Services 3.0 and SharePoint Server 2007 that was disclosed in late April and which could lead to a cross-site scripting attack via the browser. Proof-of-concept exploit code has been published for that.

The bulletins also address Security Advisory 980088, which involves a hole in IE that could allow information disclosure for users running the browser on Windows XP. It was disclosed in February.

"The June release is a large update and will keep system administrators busy, even if they have migrated to Windows 7 already (the end-of-life date for Windows XP SP2 is coming closer and Windows 7 is certainly one of the options to migrate to...)," Wolfgang Kandek, chief technology officer of Qualys, wrote in a blog post.