Microsoft plans to release 11 security bulletins, four rated critical, for its October Patch Tuesday. The security bulletins cover multiple Microsoft products, including Internet Explorer and Microsoft Office Excel.
Microsoft is planning to release 11 security bulletins Oct. 14 on Patch
Tuesday.
Four
of the bulletins are rated "critical" and cover vulnerabilities
that can lead to remote code execution. The critical flaws lie in Active Directory,
IE (Internet Explorer), Microsoft HIS (Host Integration Server) and Microsoft
Office Excel.
According to Microsoft's advisory, the IE bulletin affects multiple versions
of IE on Microsoft Windows 2000, XP and Vista as well as
Microsoft Windows Server 2003 and 2008. Microsoft HIS versions 2000, 2004 and
2006 are affected by the HIS bulletin, while the Active Directory bulletin affects
only Microsoft Windows 2000 Server Service Pack 4.
The Excel bulletin touches various versions of Microsoft Office, including
Microsoft Office for Mac 2004 and 2008.
Six of the remaining bulletins are rated "important." Three of
them deal with escalation of privilege issues, while the others address remote
code execution vulnerabilities. The final bulletin is rated "moderate"
and affects Microsoft Office.
In addition to the patches,
Microsoft
is also launching its Active Protections Program and Exploitability Index. Both
initiatives were announced during the Black Hat security conference in Las Vegas in August. The Microsoft Active Protections Program
is meant to give security vendors a heads-up in advance of the monthly security
bulletins, while the Exploitability Index offers additional information to
customers to help them prioritize deployment of Microsoft patches.
Email
Print
