Windows and Internet Explorer need critical patches this month, according to Microsoft’s advanced notification about Patch Tuesday bulletins for Oct. 14.
In all there are nine bulletins, but three of them are ranked critical and could allow attackers to execute malicious code remotely, according to the notification. “These will be the top patching priorities, probably with the IE issue being the most at risk for exploitation,” says Ross Barrett, senior manager of security engineering at Rapid7.
+ Also on NetworkWorld: Most Dangerous Cyber Celebrities +
The Internet Explorer problems affect all supported versions from IE7 through IE11, Microsoft says, and fixes require restarting the machines.
Another critical bulletin is aimed at fixing Windows Server 2003, 2008 and 2012 as well as all supported versions of Windows client software to block attacks that could result in malicious code execution.
This bulletin also addresses flaws in the .NET framework. “With the .Net framework updates, make sure to allot enough time to install these updates, as these types of updates tend to be time intensive,” says Chris Goettl, a Shavlik product manager.
The third critical bulletin addresses problems with the same set of Windows platforms as well as Windows Server 2008 and 2012 Server Core installations.
Four bulletins ranked important affect a mix of server and desktop platforms and could enable remote code execution or elevation of privileges but would require users to act, for example, by clicking on a link.
There is one moderate bulletin that affects Windows and Office. “[T]his issue seems to be related to the Office Japanese language input extensions and does not apply to Windows 8 or later,” says Barrett.
Tim Greene covers security and keeps an eye on Microsoft for Network World. Reach him at email@example.com and follow him on Twitter@Tim_Greene.