Microsoft remote code exec killjoys to dump seven fixes next week

Redmond will fix three critical holes in Internet Explorer, Office and Windows next week.

Microsoft's Advanced Notification service details a seven-fix monthly dump.

Among the three critical bulletins are a problem that leaves Internet Explorer open to remote code execution (RCE) attacks. Patching for bulletin two required a restart.

Separate flaws in bulletins three, four and five affecting Microsoft Office 2007, 2010 and 2013 also permitted RCE attacks.

A RCE flaw affecting Windows in bulletin 6 was rated moderate for some versions of Server but critical for Vista, and 7.

The fixes would also address a privilege escalation hole in Exchange Server under bulletin one rated important, and an important

An information disclosure rated important in bulletin seven affected Server, Vista, 7, 8 and 8.1 plus RT.

Sysadmins should keep an eye out for the 9 December fixes along with those from other big players who release updates at the same time. ®