Microsoft patches 23 flaws in multiple products
SOFTWARE PATCH FACTORY Microsoft has issued security updates to resolve 23 vulnerabilities in its software products, some of which can lead to arbitrary code execution and privilege escalation.
The company published eight security bulletins this week as part of this month’s Patch Tuesday release to cover 23 security issues in Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway and Microsoft Host Integration Server.
The Internet Explorer (IE) security patches (MS11-081), which address eight different remote code execution flaws, are considered the most urgent ones, with Microsoft assigning a deployment priority of one to them.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user,” Microsoft warns.
IE vulnerabilities are a pretty common attack vector, especially in corporate environments, but fortunately all of the IE flaws fixed this month were reported privately to the company and no exploit code has been publicly released for any of them.
The update that addresses a .NET and Silverlight vulnerability (MS11-078) is considered the second most urgent one because the flaw can lead to remote code execution and can be exploited from the web in a similar manner to the IE flaws.
Two Windows security bulletins, MS11-080 and MS11-077, cover one privilege escalation and four remote code execution vulnerabilities, and Microsoft has assigned those patches a deployment priority of two.
Meanwhile, two other updates that address flaws in Windows components, MS11-075 and MS11-076, are considered lower priority because the vulnerabilities are not as severe.
They share the same deployment priority rating of three with MS11-079 and MS11-082, the remaining bulletins that cover vulnerabilities in Microsoft Forefront Unified Access Gateway and Microsoft Host Integration Server.
Despite offering guidance on patch deployment planning, Microsoft recommends that customers install all security updates as soon as possible in order to protect their systems and information.