Microsoft this morning started the global rollout of this month's Patch Tuesday updates, trying to fix a record 66 vulnerabilities found in Windows, Office, and Internet Explorer.
Two of the released updates are aimed at Internet Explorer and are rated as critical, with Microsoft recommending everyone to prioritize their deployment.
The MS14-035 bulletin is a cumulative security update for Internet Explorer that's aimed at fixing a total of 59 security flaws in the browser, with the most severe allowing attacks to obtain the same privileges as the logged-in user.
“This security update resolves two publicly disclosed vulnerabilities and fifty-seven privately reported vulnerabilities in Internet Explorer,” the company explained in an advisory rolled out today.
“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
The second critical security update is supposed to address two vulnerabilities in Microsoft Graphics Components which could allow remote code execution. According to the company, these flaws have been found in Microsoft Windows, Microsoft Office, and Microsoft Lync. A reboot is required after deploying the MS14-036 bulletin.
“This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft pointed out.
As you can see, this is clearly a significant Patch Tuesday rollout, so it's critical for those running the affected software to install today's security updates as soon as possible.
As usual, they are all being delivered to computers via Windows Update, so user interaction is minimal if the system is already connected to the Internet. A dedicated ISO containing all patches for system administrators will also be released later today in order to deploy today's fixes manually.
Keep in mind that Windows XP has been left out of this Patch Tuesday, so Windows Vista, 7, 8, 8.1, 8.1 Update and RT are the only client versions of the operating system that got fixed.