10 Windows, 2 Office Patches Issued

Microsoft on Tuesday issued twelve security bulletins, including 7 "critical" patches for Windows and 2 critical updates for Office. Three other "important" patches were released for Windows. All told, Microsoft fixed over 20 vulnerabilities in the two products.

The critical Windows updates address several vulnerabilities in the Windows Server and DNS services, flaws in Internet Explorer and Outlook Express, a vulnerability in the Microsoft Management Console, an issue with HTML Help, and several vulnerabilities in the Windows kernel.

In Office, Microsoft has fixed a vulnerability in Visual Basic for Applications that could allow remote code execution, as well as two vulnerabilities in PowerPoint.

A zero-day exploit for PowerPoint surfaced shortly after July's Patch Tuesday release, in which malware dubbed Trojan.PPDropper.B uses a malformed string to execute code and modify Explorer.exe.

The important patches for Windows correct more vulnerabilities in the Windows Kernel and a flaw in Windows Explorer. Two vulnerabilities in the hyperlink object library that could allow remote code execution with user interaction were also resolved.

Other than the security patches, Microsoft has released an update to the Windows Malicious Software Removal Tool. Additionally, two high-priority non-security updates are available through Microsoft Update.

Microsoft urges Windows and Office users to update their software immediately. Malicious hackers have been known to create exploits for security issues once details on the patches have been released.