14 DAY TRIAL // The Redmond giant announced on Thursday that there are nine security bulletins available for this month’s Patch Tuesday, the one for Internet Explorer receiving a critical severity rating and vulnerability impact.
Administrators at IT shops, big and small, have been notified that this month they should be prepared to apply a new set of fixes that address remote code execution (RCE) vulnerabilities in Microsoft’s Internet Explorer versions 6 through 11, running on different editions of Windows.
Internet Explorer is not the only product patched against remote code execution
The bulletin bundling all the patches for the web browser has been labeled as "critical" for the security of the product, the default recommendation in this case being to apply the changes as soon as they become available through the Windows Update mechanism.
The RCE type of security flaw allows an attacker to run arbitrary code on the affected machine without having direct access to it. This would enable malicious actors to execute malicious commands on the target system, benefiting from the same privileges as the user account under which the application is running.
Other products affected by RCE security glitches are .NET Framework and Windows operating system, from Server editions 2003, 2008 and 2012 to Vista, 7, 8 and 8.1. RT versions of Windows (RT and RT 8.1) are also included in a security bundle.
The bulletin for Microsoft Office and related services also warns of remote code execution possibilities, but it is marked as “important,” a lower severity level.
System administrators should be prepared to restart machines
The current notification is just a heads-up of what’s to come on Tuesday, October 14, when the actual updates will be pushed to clients all over the world.
It is intended for system administrators, to allow them to review the programs that are affected and make the necessary preparations in advance, for smoothly applying the modifications when they become available.
In some cases, a restart of the machine is required for the patch to be integrated, and this is not always possible if the new code is received without previous notification.
Microsoft makes available a set of tools that could help administrators with applying the updates. As such, they can use Microsoft Baseline Security Analyzer (MBSA) to scan local and remote machines for security updates that have not been applied, as well as for poor configurations that could compromise the integrity of the system.
Utilities are also provided for distributing the updates, as well as for an easier verification process of the updates with the installed applications.