Microsoft tomorrow will ship eight security bulletins addressing a total of 23 vulnerabilities, two of which are rated “critical” with the other six categorized as “important.”
The affected software includes all versions of the Microsoft Host Integration Server, core components of Windows Server 2003, Windows Server 2008, Windows XP and Windows 7. However, those versions of Windows Server not installed with the Server Core installation options are not affected, according to the notification issued by Microsoft.
Other products affected include all versions of Internet Explorer including the recently released IE 9, all versions of .Net Framework, Silverlight 4 and Microsoft Forefront Unified Access Gateway AG 2010.
While the October release has many fewer critical vulnerabilities than recent Patch Tuesday releases, the company is advising that Windows administrators test and patch the affected systems quickly, particularly Forefront Unified Access Gateway (UAG), which directly deals with the Internet.
Adding further urgency is the fact that six of the eight bulletins cover four remote code execution flaws, including three in Windows and one in Forefront UAG. One of the bulletins rated “important” addresses an elevation-of-privilege flaw in Windows, with another covering a denial-of-service problem in Microsoft Host Integration Server.
Almost all of the patches will require a system restart, so administrators should expect some measure of disruption to their operations, company officials warned.
The company is also expected to unveil an improved version of its malicious Software Removal Tool tomorrow that eliminates an error that wrongly identified Google’s Chrome browser as malware.
Let us know what you think about this story; email Ed Scannell at firstname.lastname@example.org.