Eleven patches due from Microsoft

Microsoft patches include critical updates for IE, Active Directory, Excel and Host Integration Server to fix vulnerabilities that could cause a remote code execution hack attack.

Microsoft plans to release 11 patches, including four rated as critical for Internet Explorer, Active Directory,...

Excel and Host Integration Server.

In the Microsoft advance patch notice for October, issued Thursday, the software giant said it will release six patches rated as important for Windows and one listed as moderate for Office. Microsoft plans to issue the updates on Oct. 14.

Microsoft September updates:
Microsoft plugs Media Player, graphics handling flaws: Flaws in Microsoft's Graphics Device Interface could affect multiple systems and third party applications, Microsoft said.

Microsoft provides guidance on GDI flaws: Microsoft's Bill Sisk explains why five remote code execution vulnerabilities in GDI+ affect multiple systems and third-party applications.

Details were sparse, as is customary in Microsoft's advance notices, but the company said the critical updates will fix vulnerabilities that could lead to remote code execution by an attacker.

In September, Microsoft released critical updates addressing multiple client-side remote code execution flaws in its Graphics Device Interface (GDI+) that could affect multiple systems and third-party applications. Last month, Microsoft also plugged a remote code execution vulnerability in an ActiveX control in Windows Media Encoder 9.

Microsoft also said it would begin sharing vulnerability information with security vendors this month. The goal is to help the vendors develop signatures and filters prior to the release of patches on the second Tuesday of each month.

Known as the Microsoft Active Protections Program (MAPP), the new plan will be open to security companies that provide defensive technology to large customer bases. Those vendors that could gain access typically sell antivirus, intrusion detection system (IDS) and intrusion prevention system (IPS) software and appliances. Security vendors have been calling for early notification. Microsoft officials also said they've gotten to the point where they could use some help from the rest of the security community.

Dig Deeper on Security patch management and Windows Patch Tuesday news



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: