Tuesday, October 11 is Patch day for Microsoft which has queued up fixes for 23 vulnerabilities. However, IT administrators will have to deal with just a few critical flaws. Thus, it is a fairly light Patch Tuesday.
Microsoft will release eight security bulletins - two of which are rated “critical”. This information was issued in a Microsoft security Bulletin Advance Notification on 6th October. The rest of the important bulletins address flaws in the Forefront Unified Access gateway, Host Integration Server and some other versions of Windows.
Microsoft said that one out of two critical bulletins patch a bug in Windows and Internet Explorer which if exploited could allow attackers to remotely spread malicious code.
Software versions that effected include Internet Explorer 6 through 8, Windows XP, Vista and 7, and also Windows server 2003 and 2008.
As told to eWEEK, Andrew Storms, director of security for nCircle said,"As usual, this month we will receive the mandatory critical update to Internet Explorer."
Marcus Carey, security researcher at Rapid7 told eWEEK that attackers will continue tricking users to click on malicious links and will keep on exploring Web browsers and plug-ins for weaknesses to exploit.