Microsoft's 'Tuesday patch package' was released as scheduled on Tuesday, July 14. This month's patch series comprises six security bulletins that address a total of nine different vulnerabilities in Microsoft's software, including Windows, Microsoft Office, Internet Security and Acceleration Server, Virtual PC and Virtual Server.
Three of the six security bulletins are rated "critical," while the other three are rated "important."
Of the three "critical" bulletins, two address "browse-and-get-owned" vulnerabilities in Microsoft's Video ActiveX Control and DirectShow component, both of which had been targeted by attackers and about which the company had cautioned users in July and May respectively.
Referring to these two "critical" bulletins, Eric Schultze - CTO of Shavlik - said: "Today's release is important because patches were released for two recent zero-day attacks - a QuickTime file parsing vulnerability and the recently announced DirectShow vulnerability. Both vulnerabilities are reported as being actively exploited on the Internet."
The third "critical" bulletin fixes a vulnerability in the Embedded OpenType Font Engine, which is used in all versions of Windows, including Vista and Windows Server 2008.
Meanwhile, the three "important" bulletins fix vulnerabilities in Microsoft's proxy server, ISA 2006; in the Microsoft Publisher component of Office 2007; and in both Virtual PC and Virtual Server.












