Microsoft detailed plans to ship eight security bulletins for software vulnerabilities in Windows, Office and Internet Explorer.

Five of the bulletins are rated “critical”, meaning that they can be exploited to take complete control of Windows machines, using flaws that could allow remote code execution attacks. 

Two of the other three bulletins are rated “important” and can expose Windows users to elevation of privilege attacks and users of ForeFront Edge Security to a Denial of Service attack.  Note that all supported versions of Windows will be affected by the releases, including the newer Windows Vista and Windows Server 2008.

The "critical" Cumulative Security Update for Internet Explorer (963027) should be treated as a priority.  This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer.

Operational note: Six of the eigth bulletins require a restart after deployment.

Find out more

To discuss EJC's approach to securing your systems and patch management click here

For further information you can find the full bulletin here

For news about previous Microsoft Security Bulletins click here

A full guide to the Microsoft Severity Rating System can be found here