Reading Time: 1 minute

This week’s July security fixes by Microsoft address critical security flaws that users are urged to update as soon as possible.

Two of the six security alerts bugs that Microsoft rate as “Critical,” its highest security rating. Patches for three of the alerts are rated “important,” and the sixth is rated “moderate.”

The most serious patches deals with problems in all supported versions of Internet Explorer and a Windows vulnerability. The IE update fixes a previously disclosed vulnerability and twenty-three previously undisclosed vulnerabilities. The most severe vulnerability could allow a hacker to create a web page that allows the hacker to perform remote code execution when viewed with Internet Explorer. An attacker could gain the same user rights as the current user and seize control of the user’s computer.

The Windows vulnerability could allow remote code execution if a user opens a specially created Journal file. Users administrative user rights are most vulnerable.

The advisories rated Important address flaws with the on-screen keyboard, ancillary function driver (AFD) and DirectShow. The advisory rated Moderate concerns a potential denial of service vulnerability in Microsoft Service Bus.

Microsoft has not provided security updates for Windows XP since April of this year. Windows XP retains a 25% share of the desktop operating system market, according to