Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly busy month—the vendor is releasing 10 bulletins covering a total of 34 vulnerabilities.
Six of the issues are rated “Critical” and affect Data Analyzer ActiveX, Internet Explorer 8 Developer Tools, Internet Explorer, and Windows. All of the “Critical” issues are client-side and can result in remote code-execution in the context of the currently logged-in user if an attacker can trick an unsuspecting victim into performing some action. There are also a record number of issues affecting Excel, with 14 vulnerabilities being discovered in that program, 13 of which are remote code execution.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...