Microsoft prepares monster Patch Tuesday
Microsoft will patch ten vulnerabilities in its software, the company has announced in its advance security bulletin.
Among the ten vulnerabilities, six effect all versions of Windows with two of those tagged Critical – Microsoft’s highest threat level. The company is warning that these may allow remote code execution and that the patches need to be applied immediately.
Of the remaining Windows flaws three are classed as Important and could allow hackers to escalate themselves to admin rights, with the remaining Windows flaw receiving the Moderate threat level – possibly allowing attackers to access personal information.
Office has also come in for some treatment, with a Critical patch-a-piece for Excel and Word. There’s also an Internet Explorer bulletin rated Critical on all versions of Windows except Server 2008, where it is regarded as Moderate. Microsoft claims the flaw affects all versions of the browser from six onwards.
Notable by its omission is a fix for the DirectX vulnerability the company confirmed only last week. Microsoft says it needs more time to work on a patch.
“Our security teams are working hard on a security update that addresses this issue, but we do not yet have an update that has reached the appropriate level of quality for broad distribution,” says Jerry Bryant in an entry to the Microsoft Security Response Center blog.
The Patch Tuesday is Microsoft’s largest since October last year, and marks a stark contrast from last month in which only one security update was issued.
Adobe is also gearing up for its first Patch Tuesday. The company will release patches for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Mac OS X. The patches are rated critical.