Microsoft Patches 22 Security Holes

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
As promised, Microsoft delivered fixes for some 22 security vulnerabilities in a baker's dozen of monthly patches for Patch Tuesday -- the second Tuesday of the month -- its regular date for releasing product fixes.

The release won't be quite as demanding as several recent Patch Tuesday drops, however, since only two of the 13 patches rate a top ranking of critical on Microsoft's (NASDAQ: MSFT) severity scale rating scale.

Critically-rated patches are typically of the most dangerous nature. For the rest of the patches, Microsoft's security professionals identified 9 of them as important -- the scale's second highest rating -- and two as moderate.

Microsoft released several record or near-record, Patch Tuesday bug patches in recent months, many of which have kept security administrators working nights and overtime in order to keep up with the workload.

Last Thursday, as usual, Microsoft's security mavens warned enterprise professionals to be prepared for the latest batch of patches.

Even there are only two critical patches in the August drop, however, they account for a total of 11 of the 22 holes patched in the 13 patches, third-party security researchers pointed out.

"MS11-057 is critical and affects all Internet Explorer versions including the newest IE9. Attackers can take complete control of a computer by setting up a malicious web page and attracting the victim to the page," Wolfgang Kandek chief technology officer at researcher Qualys, said in an emailed statement.

Marcus Carey, security researcher at Rapid7, agreed.

"Until this one is patched, we'd recommend limiting your use of Internet Explorer to only visiting trusted sites and remember that it's never a good idea to click on suspect or unknown links," Carey added.

"The second critical bulletin MS11-058 is for a server side vulnerability and ... allows the attacker to crash the server and in the worst case scenario take complete control," Qualys' Kandek added.

The entire list of August bug patches and the security bulletins that accompany them can be found here.

Stuart J. Johnston is a contributing editor at InternetNews.com, the news service of Internet.com, the network for technology professionals. Follow him on Twitter @stuartj1000.