Microsoft punches out 11 security fixes

Posted by Mark Raby

Redmond (WA) - Six "critical" updates join five more "important" vulnerability fixes in this month's regularly scheduled security bulletin from Microsoft.

Of the six critical patches, all of which fix vulnerabilities that could lead to remote code execution, four affected Microsoft Office.  Three of these deal with problems that could be exploited if a user opens a specially crafted document created for attack purposes.  The other deals with the way Office interacts with Internet Explorer.

Another critical update was privately reported to Microsoft, and fixes a vulnerability in the Windows WebDAV Mini-Redirector, which if exploited could give remote users full administrative privileges of the computer.  The last critical patch relates to Internet Explorer and a vulnerability involving specially crafted websites.

Of the five important updates, only two could lead to remote code execution, one of which is a vulnerability in Microsoft Office and Microsoft Works.  The other four patches deal with business and developer applications.

Microsoft noted that none of the vulnerabilities affect Windows Vista Service Pack 1.  However, users running the general Vista operating system are still at risk.

Users can download the update from Microsoft's update website.