Five of this month's security bulletins are rated critical and the remainder are classed as important.
A critical vulnerability in Windows Common Controls affects Office (2003, 2007, 2010), SQL Server (2000, 2005, 2008), Commerce Server (2002, 2007, 2009), Host Integration Server (2004), Visual FoxPro (8.0 and 9.0), and Visual Basic 6.0 Runtime.
This vulnerability - which allows remote code execution - has been used in targeted attacks, a Microsoft spokesperson stated.
For example, the bulletin is considered critical for IE8 in Windows 7, but moderate for IE7 in Windows Server 2008.
Four vulnerabilities in Windows networking components are addressed this month, with the most serious allowing remote code execution to be triggered by sending a malicious response to a print spooler request.
This bulletin affects all currently supported versions of Windows.
Microsoft recommends that the above three bulletins should be prioritised.
The other critical bulletins concern Remote Desktop Protocol (affects Windows XP) and Exchange's WebReady document viewing feature (Exchange 2007, 2010).
August's important bulletins affect Windows and Office. A kernel-mode driver vulnerability affects Windows 7, Vista, XP, and Server 2003 and 2008, while flaws in the JScript and VBScript engines need patching on the 64-bit versions of Windows 7, Vista, XP, and Server 2003 and 2008 (including Itanium versions).
The affected versions of Office are 2007 and 2010, plus Visio 2010 and Visio Viewer 2010.
Microsoft has also released an update that restricts the use of certificates with RSA keys of less than 1024 bits, and re-released a July bulletin for XML Core Services to add support for version 5.0.
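Before an update of this kind is deployed, it helps to know which installed certificates fall below the 1024-bit threshold. The following PowerShell inventory is an added example, not Microsoft's tooling or part of the original article; the function name Get-WeakRsaCertificate is hypothetical, and it assumes .NET Framework 4.6 or later for the GetRSAPublicKey call.

```powershell
# Added example: list certificates in the local stores whose RSA public key
# is shorter than the 1024-bit threshold mentioned in the article.
$RsaOid = '1.2.840.113549.1.1.1'   # rsaEncryption public-key algorithm OID

function Get-WeakRsaCertificate {
    param(
        # Store roots to walk; every sub-store (My, Root, CA, ...) is included.
        [string[]] $StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        [int] $MinBits = 1024
    )

    foreach ($root in $StorePath) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_

                # Only RSA keys are in scope; skip ECC and DSA certificates.
                if ($cert.PublicKey.Oid.Value -ne $RsaOid) { return }

                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                if ($null -eq $rsa) { return }

                $bits = $rsa.KeySize
                $rsa.Dispose()

                if ($bits -lt $MinBits) {
                    [pscustomobject]@{
                        Store      = $cert.PSParentPath
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        KeyBits    = $bits
                        NotAfter   = $cert.NotAfter
                    }
                }
            }
    }
}

# Report the shortest keys first; an empty result means nothing is below the threshold.
Get-WeakRsaCertificate | Sort-Object KeyBits | Format-Table -AutoSize
```

Certificates reported here should be reissued with longer keys before the restriction takes effect on the machine.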
The customary update to the Malicious Software Removal Tool was also released, along with multiple updates for Windows 7 and Server 2008 R2 to address various non-security issues, and update rollups for Small Business Server 2011, Home Server 2011, and Storage Server 2008 R2 Essentials.