Just two patch packages are rated Critical, the rest just Important

Oct 12, 2011 13:50 GMT

Microsoft released a total of eight security bulletins for the October 2011 Patch Tuesday, resolving 23 security issues in a number of products.

All patches are currently being served to customers worldwide via Windows Update. Users need only switch on Automatic Updates in order to have all security updates delivered and installed for them.

Only two of the patch packages are rated Critical: the one for .NET Framework and Silverlight, and the bulletin for Internet Explorer.

The remaining October 2011 security bulletins carry a rating of Important, according to Pete Voss, sr. response communications manager, Microsoft Trustworthy Computing.

The Redmond company is advising customers to deploy all October 2011 security updates as soon as possible.

At the same time, two patch packages in particular should be prioritized, as they’re designed to resolve Critical security vulnerabilities.

The first is MS11-081 (Internet Explorer). “This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer,” Voss reveals.

MS11-078 is the second Critical October 2011 security bulletin, set up to plug security holes in .NET Framework and Silverlight.

“This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications,” Voss added.

“The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.”