Two of the bulletins are rated critical, nine are rated important and two are listed as moderate, according to Microsoft’s Patch Tuesday preview. A total of 22 software patches are contained in the 13 bulletins.
One critical bulletin affects Internet Explorer (IE), and the other impacts Microsoft’s server software. Both critical bulletin flaws could result in remote code execution by an attacker.
“Top priority should be given to a 'critical' bulletin that affects Internet Explorer 6 through 9 on Windows 7, XP, Vista, 2003 and 2008. If left unpatched, attackers could use this vulnerability to remotely take control of victims' systems”, commented Wolfgang Kandek, chief technology officer at Qualys.
Two "important" bulletins, one affecting Windows 7 and Windows 2008 operating systems and other affecting Visio, could result in remote code execution as well.
“We have seen other Visio vulnerabilities fairly recently and recommend including the software in your regular patching cycle and/or have users not using that software remove it from their systems”, Kandek added.
Paul Henry, security and forensic analyst for Lumension, noted that Patch Tuesday is not the only massive patch update with which IT administrators are grappling.
“Outside of Microsoft, IT teams are still recovering from the 78 patches released by Oracle on July 19th and the update to Apple Lion released on July 20th. Further, the parade of flaws in mobile platforms and apps continues this period – Android, Apple and BlackBerry all have issues that need to be addressed; and malicious links now impact 3 out of 10 smartphone users”, he commented.