Patch 22 Vulnerabilities in Windows, IE, Office, .NET, Dev Tools

It’s that time of the Microsoft Patch cycle again, with customers worldwide already receiving security updates from the Redmond company.

The August 2011 Patch Tuesday brought with it no less than 13 security bulletins. The patch packages impact customers running Internet Explorer, Windows, Office, .NET Framework and developer tools.

In total, Microsoft is patching no less than 22 vulnerabilities in various supported releases of the products enumerated above.

Only a couple of the August 2011 security bulletins are rated Critical, with nine deemed Important and the remaining two considered as posing only a Moderate risk to customers, according to Angela Gunn, senior response communications manager, Microsoft Trustworthy Computing.

“Customers should plan to install all of these updates as soon as possible,” Gunn stated. But of course, Microsoft has singled out two security bulletins and is insisting that their deployment be prioritized.

The first is MS11-057, which delivers patches for no less than seven Internet Explorer security holes, including vulnerabilities affecting IE9 running on Windows 7 SP1.

“This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Microsoft is not aware of any attacks leveraging the vulnerabilities addressed in this bulletin,” Gunn stated.

MS11-058 is also to be considered a priority in terms of deployment, the software giant insists. With MS11-058 Microsoft is patching two security vulnerabilities in DNS Server.

“This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk,” Gunn added.