Microsoft has announced that it is to release six bulletins tomorrow on its penultimate Patch Tuesday of 2012.
The bulletins cover 19 vulnerabilities in total. Four of them are rated as critical and will address 13 vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework. One bulletin will be rated as important and will address four vulnerabilities in Microsoft Office, while one moderate update will address two issues in Microsoft Windows.
Andrew Storms, director of security operations for nCircle, said: “In spite of the relatively low number of bulletins this month and in keeping with the trend for this year, November's patch includes 19 CVEs.
“As usual, the patch at the top of the ‘suspect’ list this month is for Internet Explorer. Unfortunately for Microsoft and their customers, it affects IE9. Of course, we knew that IE9 would have some bugs, but it's got to be demoralising for Microsoft to have to patch their newer, more secure browser again so quickly.”
Ziv Mador, director of security research at Trustwave SpiderLabs, said: “The good news is that there are only six bulletins this month; the bad news is that four of those are rated as critical and five of them result in Remote Code Execution (RCE).
“The RCEs all seem to be at the operating system level affecting everything from XP SP3 up to and including Server 2008 R2. The one bulletin with RCE that is only labelled important and not critical is part of MS Office 2003, 2007 and 2010, including 2008 and 2011 for Mac. The sixth bulletin, rated as moderate, results in information disclosure and impacts Vista SP2, Windows 7 32- and 64-bit, as well as multiple flavours of Server 2008.”