Microsoft plans to release 11 security bulletins, four rated critical, for its October Patch Tuesday. The security bulletins cover multiple Microsoft products, including Internet Explorer and Microsoft Office Excel.
is planning to release 11 security bulletins Oct. 14 on Patch
of the bulletins
are rated "critical" and cover vulnerabilities
that can lead to remote code execution. The critical flaws lie in Active Directory,
IE (Internet Explorer), Microsoft HIS (Host Integration Server) and Microsoft
According to Microsoft's advisory, the IE bulletin affects multiple versions
of IE on Microsoft Windows 2000, XP and Vista as well as
Microsoft Windows Server 2003 and 2008. Microsoft HIS versions 2000, 2004 and
2006 are affected by the HIS bulletin, while the Active Directory bulletin affects
only Microsoft Windows 2000 Server Service Pack 4.
The Excel bulletin touches various versions of Microsoft Office, including
Microsoft Office for Mac 2004
Six of the remaining bulletins are rated "important." Three of
them deal with escalation of privilege issues, while the others address remote
code execution vulnerabilities. The final bulletin is rated "moderate"
and affects Microsoft Office.
In addition to the patches, Microsoft
is also launching its Active Protections Program and Exploitability Index.
initiatives were announced during the Black Hat security conference in Las Vegas in August. The Microsoft Active Protections Program
is meant to give security vendors a heads-up in advance of the monthly security
bulletins, while the Exploitability Index offers additional information to
customers to help them prioritize deployment of Microsoft patches.