Microsoft is planning to release nine security bulletins next week for September’s Patch Tuesday.
The bulletins are slated to address a total of 13 vulnerabilities. Four of the bulletins carry a rating of “critical,” Microsoft’s highest severity rating. Among those are fixes for remote code execution bugs in Microsoft Office and Windows.
The remaining five bulletins-which are all rated “important”-all affect Windows, and include both privilege escalation and remote execution issues.
“I expect some of the bulletins to address DLL Hijacking issues in Microsoft’s own products, but it will be interesting to see if Microsoft will change its guidance for Hotfix KB2264107,” blogged Wolfgang Kandek, CTO of Qualys. “Currently it is only at the advisory level and users have to make an active decision to get protection against DLL Hijacking in 3rd party applications.
“As last month, Windows XP SP2 users do not have any patches supplied to them, even though the majority of updates for XP SP3 most likely apply to their discontinued version of the OS as well,” he added. “Windows XP SP2 users should upgrade to SP3 as quickly as possible.”
The bulletins are scheduled for release Sept. 14.