Microsoft will issue 11 security bulletins in next week's Patch Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange, including two holes for which exploit code is in the wild.

Five of the bulletins address critical vulnerabilities that could allow an attacker to take control of the computer, five are rated important, and one is rated moderate.

With the updates, Microsoft will be closing two outstanding security advisories that have been worrisome because code to exploit the vulnerabilities is available publicly.

One of the advisories is 981169, which involves a vulnerability in VBScript that could allow the remote execution of code and a complete takeover of the system. Disclosed on March 1, it affects older versions of Windows running Internet Explorer.

The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to November.

Full story: c|net