Microsoft has issued its monthly list of security patches which will be distributed tomorrow, the company's regular Patch Tuesday event - and there are some critical fixes bundled this month.
Microsoft's regular Patch Tuesday includes some critical security fixes this month, and hopefully no more of the faulty patches it has been churning out recently.
Issued as part of the company's regular update cycle, which sees patches released to customers on the second Tuesday of every month except in cases of critical emergency, the bulletins cover a range of Microsoft products with the majority concentrating on remote code execution and privilege elevation issues in Windows, Office and Internet Explorer. A rather worrying quartet of patches are rated Critical, the most severe of Microsoft's ratings, while the remainder are merely Important despite offering up remote code execution, information disclosure and denial of service possibilities.
The first Critical patch is one only system administrators need worry about: a flaw in Windows SharePoint Services which can allow remote attackers to execute arbitrary code on the server. This is followed by another one for the business users with the news that Microsoft Outlook, the messaging and calendar client that forms a central part of the Office productivity suite, requires a similar patch for a remote code execution vulnerability.
The next few patches are of interest to all, however: the third bulletin fixes a critical-rated remote code execution vulnerability in all Internet Explorer versions which, thanks to its heavy integration in the operating system itself, may even affect those who use an alternative browser. The next two bulletins cover similarly-serious issues, but this time affecting Windows itself - though thankfully nothing newer than Windows Server 2008 and Windows Vista.
The remaining security bulletins, detailed in the official notification
, are mitigated by security measures built into the software that downgrade their severity to merely Important - but which are still a recommended install for anyone who uses a Windows system connected to the internet.
The patches are due to be released to the public tomorrow, at which point all eyes will be on Microsoft: its Patch Tuesday releases over the last few months have included several faulty patches which have done more harm than good, with the company having to embarrassingly withdraw their release and re-issue them with patches of their own at future dates.