SOFTWARE PATCH MACHINE Microsoft will address critical vulnerabilities in its Internet Explorer, .NET Framework and Silverlight next Tuesday, along with many others in several Windows components and stand-alone programs.
There are eight security bulletins in total, two of critical severity and six marked as important. One covers remote code execution vulnerabilities that affect Internet Explorer (IE) 6, 7, and 8 on all supported versions of Windows.
However, the bulletin has only a moderate severity rating for Windows Server 2003, Windows Server 2008, and 2008 R2, due to the additional security restrictions built into those systems.
Meanwhile, the vulnerabilities in Microsoft's .NET Framework and Silverlight are considered critical on all versions of Windows.
Another bulletin, marked as important, addresses flaws in components found only on 32-bit and 64-bit versions of Windows Vista and Windows 7, while there are two more that affect all versions of Microsoft's operating system.
One bulletin patches vulnerabilities in Microsoft Forefront Unified Access Gateway, one of the company's secure remote access lashups. The versions affected are 2010, 2010 Update 1, 2010 Update 2 and 2010 Service Pack 1.
Two bulletins don't involve remote code execution bugs. One contains fixes for elevation of privilege (EoP) flaws in Windows XP and Windows Server 2003, while the other addresses a denial of service (DoS) condition in the Microsoft Host Integration Server 2004 SP1, 2006 SP1, 2009 and 2010.
As usual, Microsoft will also publish estimated patch deployment priorities on Tuesday, which are calculated based on the probability of working exploits being created for the corresponding vulnerabilities. It will also host a webcast to answer questions from customers regarding the security bulletins.
Nevertheless, to remain secure at all times Microsoft advises regular users to deploy the updates as soon as they are released and set Windows Update to automatically download and install security patches in the future. µ