This month’s Patch Tuesday features seven bulletins, with four rated as critical. Updates for Internet Explorer take the spotlight as one bulletin, MS14-010, addresses 24 vulnerabilities in Internet Explorer. These vulnerabilities could result in remote code execution, which could allow an attacker the same user rights as the current user.
A second bulletin, MS14-007, addresses a separate vulnerability in Direct2D that can trigger remote code execution by opening a malicious website in Internet Explorer or opening an email attachment.
The remaining critical vulnerability of most importance for most users is MS14-011, which patches a vulnerability in the VBScript scripting engine. If exploited, this could also trigger remote code execution.
Another critical bulletin, MS14-008, affects Microsoft Forefront for Exchange. While this product is now discontinued, Microsoft has promised security updates until December 2015. Three other bulletins released today were rated as important by Microsoft.
Other vendors have also been busy patching flaws in their software. Last week, Adobe released a patch to Flash Player to deal with reported in-the-wild vulnerabilities, and this week Shockwave Player received an update as well.
Users are advised to apply these security updates as soon as possible, as well as visit the Trend Micro Threat Encyclopedia page for further information. Appropriate rules for Trend Micro Deep Security have also been created and are available for use by system administrators.