Microsoft will release eight bulletins to cover 23 vulnerabilities in this month's Patch Tuesday.
Scheduled for release tomorrow, the patches will include two ‘critical’ bulletins to address remote code execution flaws in the Microsoft .NET Framework and Microsoft Silverlight, and in Windows and Internet Explorer.
The remaining six bulletins are rated as ‘important’ and cover four remote code execution flaws, three in Windows and one in the Forefront Unified Access Gateway. An important bulletin addresses an elevation of privilege flaw in Windows, and a denial-of-service issue in Microsoft Host Integration Server is also covered.
Wolfgang Kandek, CTO at Qualys, said: “Patch Tuesday looks to be a light- to medium-sized release. Top priority should be given to the remote code execution patch for all versions of Internet Explorer (including 9, the most modern version of IE on Windows 7). The other critical higher-priority remote code execution patch affects the Microsoft .NET Framework and Microsoft Silverlight.
“The remaining six bulletins are for Windows itself and a number of less pervasive Microsoft technologies, such as Forefront and the Host Integration server. They are all rated as important and not all of them apply to all configurations. IT administrators will have to evaluate to what degree they affect their networks, servers and workstations.”
Paul Henry, security and forensic analyst at Lumension, said: “Eight bulletins coming from Microsoft: some tricks and some treats. The treat: October's bulletins resolve several issues – two critical and six important, covering a range of products.
“The trick: nearly all require a restart, which will cause widespread disruptions across both internet-connected servers and user community desktops.”