Microsoft remote code exec killjoys to dump seven fixes next week

IE, Office on the patch list


Redmond will fix three critical holes in Internet Explorer, Office and Windows next week.

Microsoft's Advanced Notification service details a seven-fix monthly dump.

Among the three critical bulletins are a problem that leaves Internet Explorer open to remote code execution (RCE) attacks. Patching for bulletin two required a restart.

Separate flaws in bulletins three, four and five affecting Microsoft Office 2007, 2010 and 2013 also permitted RCE attacks.

A RCE flaw affecting Windows in bulletin 6 was rated moderate for some versions of Server but critical for Vista, and 7.

The fixes would also address a privilege escalation hole in Exchange Server under bulletin one rated important, and an important

An information disclosure rated important in bulletin seven affected Server, Vista, 7, 8 and 8.1 plus RT.

Sysadmins should keep an eye out for the 9 December fixes along with those from other big players who release updates at the same time. ®


Other stories you might like

Biting the hand that feeds IT © 1998–2021