Brace for some critical hits next week. A bunch of critical security fixes for Internet Explorer are coming, and immediate deployment is recommend for these.
Microsoft has released the advanced notification for the October 2014 Update Tuesday cycle, and remote code execution is high on the agenda — nine security bulletins are set for Tuesday, October 14.
Administrators are notified to deploy this new set of fixes, particularly the one for Internet Explorer that comes rated as Critical, and comes with a severe vulnerability impact. Versions 6 through 11 of the company’s flagship web browser are in line to get this fix.
On various versions of Windows.
An attacker can use this RCE flaw to run arbitrary code on affected machines, without direct access to them. Meaning, malicious commands can easily be run on the target systems, affording cybercriminals the same privileges as the logged in user.
The .NET Framework and several builds of Windows are also affected by this security glitch, including Windows Vista, 7, 8, 8.1 and both RT flavors. Same goes for server versions, 2003, 2008 and 2012.
Office and related services are also affected by this remote code execution vulnerability, but it is marked as Important in this case.
Microsoft also informs that system administrators might have to restart their machines after installing these security fixes, so keep that in mind if you oversee a bunch of computers.