Next Patch Tuesday, Microsoft will release 16 updates for vulnerabilities in Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME, Japanese) and Kernel Mode Drive (KMD).
Internet Explorer 7 till 11 on Windows Vista, Windows 7 and Windows 8 (.1) all receives patches for a vulnerability marked critical by Microsoft. This vulnerability allows an attacker to remotely execute code on the system.
Of the list of updates thirteen are for Windows, five are marked critical. In four cases an attacker is able to remotely execute malicious code on the computer. The fifth critical update prevents an attacker from elevating privileges on the system. The latter seems a serious issue, normally the impact of “Elevation of Privilege” vulnerabilities are marked important or moderate.
This Patch Tuesday there are also six other updates marked important or moderate. One vulnerability exists in all versions of Windows Servers. Other patches fix vulnerabilities that could cause a Denial of Service and one prevents an attacker from circumventing security measures.
The updates will become available Tuesday 11th of November and most of the updates require a reboot.