Microsoft started shipping this month’s Update Tuesday fixes to computers running this software, trying to fix a total of 37 vulnerabilities in a wide array of products, such as SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer.
Two of the nine security bulletins released this morning are rated as critical and Microsoft says that everyone should prioritize their deployment in order to make sure that they’re perfectly secure.
The Cumulative Security Update for Internet Explorer (2976627) was developed to fix a remote code execution issue, with Microsoft saying that it addresses no less than 25 privately-reported vulnerabilities and one publicly-disclosed flaw.
“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,” the company explained in an advisory rolled out today.
The second critical patch should address a vulnerability in Windows Media Center which could allow remote code execution on unprotected computers. A privately-reportedly vulnerability in Windows should be fixed by this new bulletin, Microsoft says.
“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user right,” the company added.
The other security bulletins are rated as important and are aimed at products such as Microsoft Office, SQL Server, Server software, and .NET Framework.
Also this Update Tuesday, the company introduced the new Windows 8.1 August Update, which brings a number of improvements for the new Windows 8.1 operating system. This pack of improvements includes several new options and refinements, but no big changes, so despite rumors, no Start menu is available as part of this release.
As it’s the case each Update Tuesday, all these fixes are being delivered to users via the automated Windows Update, so no user interaction is needed. A dedicated ISO including all Windows patches would also be released for manual downloads later today for IT admins.