A total of 7 security bulletins will be released to address at least 28 documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework.
Three of the 7 bulletins (Windows, IE and .NET) will be rated “critical,” Microsoft’s highest severity rating. A critical bulletin addresses flaws that could lead to remote code execution attacks with little or no user interaction.
The other four bulletins will carry an “important” rating and deal with vulnerabilities that could be exploited in code execution and privilege escalation attacks.
This month’s patch batch comes on the heels of the decision over the weekend to release an emergency fix to thwart “active attacks” that use unauthorized digital certificates derived from a Microsoft Certificate Authority. This led to sophisticated man-in-the-middle attacks as part of the Flame malware, which has suspected links to nation-state attackers.