Microsoft issued eight important and two critical bulletins this week that address flaws across Windows Server and Microsoft Office apps.
For users of the most recent versions of Windows, the company patched Windows
Though the bulletin is rated important, denial-of-service attacks should be prevented. If an organization is running a web server on Windows Server 2012, an attack could bring down the site if the server is not properly patched, said Wolfgang Kandek, CTO at Qualys Inc., an IT security firm based in Redwood Shores, Calif.
Despite the update only affecting newer versions of Windows Server, Kandek said admins can avoid more vulnerabilities if they are on the newest version of an operating system.
Microsoft offers fixes to Internet Explorer
Microsoft also addressed vulnerabilities in Internet Explorer in this month's two critical bulletins. One bulletin deals with a remote code execution vulnerability in IE 8. This zero-day flaw was publicly exposed.
If possible, an organization using IE 8 should upgrade to a newer version. Windows XP, which will no longer be supported beginning next year, cannot upgrade beyond IE 8.
The other bulletin deals with all currently supported IE versions across multiple versions of Windows. It is rated moderate for Windows Server.
Microsoft also patched a driver vulnerability in all Windows Server versions and desktop versions of Windows, which could lead to elevation of privilege.
Another important bulletin addresses a .NET Framework vulnerability that could lead to spoofing files and accessing endpoint functions.
Important bulletins addressed vulnerabilities in the Microsoft Word and Microsoft Publisher applications that could lead to remote code execution.
Microsoft patched the Essentials and Visio applications in important bulletins. The vulnerabilities Microsoft addressed could lead to information disclosure.
This month's patches bring the total number of bulletins in 2013 to 45, a marked increase compared with 35 at this point last year. This is possibly due to the more frequent patching cycle of Internet Explorer.