Microsoft today released 13 software updates to fix at least 22 security flaws in its Windows operating systems and other software. Two of the flaws addressed in the August patch batch earned Microsoft’s most dire “critical” rating, meaning that attackers can exploit them to break into systems without any help from users.
Among the critical updates is a cumulative patch for Internet Explorer that plugs at least five security holes in the browser. The update is considered critical for IE versions 7, 8 and 9 (oddly enough, it earned an overall “important” rating on the insecure IE6).
The other critical patch fixes a serious problem with the DNS server built into Windows Server 2003 and Windows Server 2008 systems (consumer systems such as Windows XP, Vista and Windows 7 are not affected by the flaw). Although the DNS bug is rated critical, Microsoft considers it unlikely that attackers will develop functioning code to exploit the flaw.
Nine other flaws earned Microsoft’s important rating, and six of those ranked high on Microsoft’s exploitability index, meaning the company believes it is likely that attackers will develop code designed to exploit them to break into Windows PC
As always, if you experience any issues during or after applying the updates, please leave a note in the comment section about it. A summary of all patches released today is available at this link.