Microsoft has released 10 security patches that address 26 vulnerabilities in its software, but it has struggled to distribute them automatically to users, and failed to release an eleventh “critical” patch because of “quality issues”.
Among the 10 patches are six “critical” fixes, which address problems in the Internet Explorer browser, the PowerPoint presentation software, the Excel spreadsheet, Microsoft Word, a vulnerability in Microsoft XML Core Services, and a general flaw in the Office suite.
Microsoft said all these problems could allow remote attackers potentially to run arbitrary code on users’ machines without any user interaction.
There was also an “important” patch for the firm’s Server Service software which could allow a denial of service attack on users’ systems.
In addition there was a “moderate” fix for ASP.NET 2.0, to prevent the release of user data to outsiders.
There was also a moderate fix for Windows Object Packager to prevent remote code execution, and a “low security” patch to prevent a denial of service attack on TCP/IP IPv6 systems in the Windows environment.
The company has admitted it struggled to get these patches out to users on schedule because of technical problems with its patch distribution network.
In addition, the firm failed to release a critical Windows patch because the code that was prepared to fix the problem did not meet quality parameters.
That fix, which was promised along with the others last week, may be released later this month, outside the company’s usual monthly patching cycle.