Microsoft is planning to release 11 security bulletins Oct. 14 on Patch Tuesday.
Four of the bulletins are rated “critical” and cover vulnerabilities that can lead to remote code execution. The critical flaws lie in Active Directory, IE (Internet Explorer), Microsoft HIS (Host Integration Server) and Microsoft Office Excel.
According to Microsoft’s advisory, the IE bulletin affects multiple versions of IE on Microsoft Windows 2000, XP and Vista as well as Microsoft Windows Server 2003 and 2008. Microsoft HIS versions 2000, 2004 and 2006 are affected by the HIS bulletin, while the Active Directory bulletin affects only Microsoft Windows 2000 Server Service Pack 4.
The Excel bulletin touches various versions of Microsoft Office, including Microsoft Office for Mac 2004 and 2008.
Six of the remaining bulletins are rated “important.” Three of them deal with escalation of privilege issues, while the others address remote code execution vulnerabilities. The final bulletin is rated “moderate” and affects Microsoft Office.
In addition to the patches, Microsoft is also launching its Active Protections Program and Exploitability Index. Both initiatives were announced during the Black Hat security conference in Las Vegas in August. The Microsoft Active Protections Program is meant to give security vendors a heads-up in advance of the monthly security bulletins, while the Exploitability Index offers additional information to customers to help them prioritize deployment of Microsoft patches.