Microsoft has released 10 security patches that address
26 vulnerabilities in its software, but it has struggled to
distribute them automatically to users, and failed to release an
eleventh “critical” patch because of “quality issues”.
Among the 10 patches are six “critical” fixes, which address
problems in the Internet Explorer browser, the PowerPoint
presentation software, the Excel spreadsheet, Microsoft Word, a
vulnerability in Microsoft XML Core Services, and a general flaw in
the Office suite.
Microsoft said all these problems could allow remote attackers
potentially to run arbitrary code on users’ machines without any
user interaction.
There was also an “important” patch for the firm’s Server
Service software which could allow a denial of service attack on
users’ systems.
In addition there was a “moderate” fix for ASP.NET 2.0, to
prevent the release of user data to outsiders.
There was also a moderate fix for Windows Object Packager to
prevent remote code execution, and a “low security” patch to
prevent a denial of service attack on TCP/IP IPv6 systems in the
Windows environment.
The company has admitted it struggled to get these patches out
to users on schedule because of technical problems with its patch
distribution network.
In addition, the firm failed to release a critical Windows patch
because the code that was prepared to fix the problem did not meet
quality parameters.
That fix, which was promised along with the others last week,
may be released later this month, outside the company’s usual
monthly patching cycle.