Microsoft Preps Critical IE, Windows Patches

Microsoft is readying nine security bulletins for release next week as part of Patch Tuesday.

According to their pre-patch advisory notice, three of the bulletins are rated ‘critical’. Five of the remaining bulletins are considered ‘important’, while the final bulletin is classified as ‘moderate.’

All three of the critical updates address remote code execution issues. According to Microsoft, the updates cover flaws in Internet Explorer, Windows and the .NET Framework. These updates will be the top patching priorities, with the Internet Explorer bulletin likely being at the biggest risk of exploitation, said Ross Barrett, senior manager of security engineering at Rapid7.

Behind the three critical bulletins, there are four issues marked as Important that enable either remote code execution or elevation of privilege, he said, adding that most Windows versions are affected and in one case so are Office and SharePoint. 

“These will be the second patching priority,” he said.

There is also a bulletin related ‘important’ that affects Microsoft Developer Tools and has to do with a security feature bypass.

Rounding out the group is a ‘Moderate’ elevation of privilege issue affecting Windows and Office that seems to be related to the Office Japanese language input extensions and does not apply to Windows 8 or later, Barrett noted.

“Next week’s patch load will include the typical – another critical update for IE and a wide variety of software products will be impacted this month,” blogged Russ Ernst, director of product management, Lumension. “Vulnerabilities discovered in most versions of Windows Server, Win 7 and 8 and the .NET framework make up this month’s 3 critical bulletins.”