Microsoft to fix 13 holes next week

Software giant Microsoft has promised to fix 13 holes in its Windows, Internet Information Services, and Microsoft Office, next week.

Most of the holes are rather small, and 13 would not fill the Albert Hall, but four are rated “critical” and the rest are just important.

In a statement, Microsoft’s Security Response Center said that the Windows XP, Vista, and Windows 7; Windows Server 2003 and 2008; and Office XP, 2003, and 2007, are all affected.

However, Microsoft said that Windows 7 and Server 2008 R2 will find next Tuesday a non-event. Although the flaws are still there, other security aspects of the software neutralise them.

It seems the flaws are related to the way that Windows handles DLL (dynamic link library) files, that hav been used in attacks “in the wild”, that is to say, in the world as we know it.

DLL Hijacking has been a bit of a problem for Redmond of late and Redmond has released a tool that allows system administrators to limit the damage from the vulnerability.

But the tool is only used at an advisory level and users have to make an active decision to get protection against DLL Hijacking in third-party software.