Microsoft released its October security patch this Tuesday, which includes 11 updates addressing 20 vulnerabilities, out of which, four vulnerabilities affecting, Internet Explorer, Windows 2000 Server, Host Integration Server and Microsoft Excel, are said to be more critical.
This month each bulletin of the security patch includes an “exploitability index” that would help network administrators in prioritizing different patches, such as, ‘1’ for risky consistent exploits, ‘2’ for somewhat inconsistent exploits, and ‘3’ for non-functioning exploits.
One of its update, MS08-057, tagged “Vulnerabilities in MS Office Could Allow Information Disclosure”, addresses crucial flaws in Microsoft Excel 2000 and is rated important for MS Office Excel 2002, MS Office Excel 2003, MS Office Compatibility Pack and other supported versions.
Furthermore, the three other vulnerabilities that are dubbed critical in the updates are, MS08-058 fixes vulnerabilities in Internet Explorer versions 5 and 6, MS08-059 addresses the vulnerability of remote code execution in Host Integration Server 2000, and MS08-60 addresses vulnerability of information disclosure in Windows 2000 server.
In addition, Microsoft rolls out update to set 3 ActiveX “kill bits” in third party software at the request of software vendors, following security reviews pointing vulnerabilities in these programs.