23 vulnerabilities squashed by Microsoft's Patch Tuesday effort

Stephen Withers
Wednesday, 12 October 2011 07:56

Business IT - Security

 

This month's Patch Tuesday saw Microsoft release eight bulletins addressing 23 vulnerabilities. If you run a still-supported version of Windows, there's a patch for you this month.

Actually, that's not quite true - if you are responsible only for Server Core installations of Windows Server 2008, then you might not have any patches to apply. But the critical patches for the .NET Framework 1, 2 and 4 (for issues exploitable in part via Silverlight), and Internet Explorer 6, 7, 8 and 9 mean most Windows users and administrators will have something to apply as a matter of urgency.

 

The remaining six bulletins are all rated important, even though four of the issues have the potential for remote code execution. Those updates concern Microsoft Active Accessibility, Windows Media Center, Forefront Unified Access Gateway, and Windows Kernel-Mode Drivers.

A patch for the Windows Ancillary Function Driver addresses a privilege escalation issue, while the bulletin for Host Integration Server fixes a pair of denial of service issues.

While Microsoft recommends that all the updates are installed as soon as possible, it understandably recommends that the two critical bulletins be prioritised as reliable exploits are expected within 30 days.

Unusually, all eight bulletins apply to Windows 7 while XP and Vista have six each.