Microsoft will release two critical fixes for vulnerabilities in its Windows operating system and Internet Explorer web browser in its forthcoming Patch Tuesday update.
Microsoft announced the fixes in an advanced threat advisory, warning that critical vulnerabilities could theoretically be used by hackers to mount remote code execution attacks.
The update will also include three important Windows updates and a single moderate fix for a flaw in Windows Server.
Trustwave Threat Intelligence manager Karl Sigler said none of the vulnerabilities are particularly dangerous and that they are part of what appears to be a fairly minor Patch Tuesday. “This seems to be a light release with two ‘critical’ bulletins, three ‘important’ bulletins and one ‘moderate’ bulletin,” he said.
“These bulletins will affect Internet Explorer, Microsoft Server software and Microsoft Windows. A restart will be necessary to install the updates. This security update should require minimal effort to install and should be quicker to update than normal.”
Ross Barrett, senior manager of Security Engineering at Rapid7, added that, despite being listed as a moderate update, IT managers should still install the Windows Server update as soon as possible.
“The odd one out this month is the moderate denial of service in ‘Microsoft Service Bus for Windows Server’,” he said.
“This seems to be a message queuing library for Windows, it’s part of the Microsoft Web Platform package and is not installed by default with any operating system version. That said, if you have this component you will probably care to patch this before script kids start knocking over your site.”
The advanced advisory follows one of Microsoft’s biggest Patch Tuesdays to date. On last month’s Patch Tuesday Microsoft released a staggering 59 updates for Internet Explorer.