'Critical' Fixes for Internet Explorer, Silverlight in Microsoft's October Security Bulletin

Microsoft today released its October Security Bulletin, which includes eight bulletins that address 23 vulnerabilities -- with two bulletins labeled "critical" and six "important."

The first critical item fixes eight privately reported vulnerabilities in Internet Explorer. Microsoft said that one of the holes could lead to remote code execution if a user visited a targeted Web page while using the browser.

The second critical bulletin fixes an issue with Microsoft .NET Framework and Microsoft Silverlight. Just as with the first bulletin, users who do not patch could be subjected to remote code execution thanks to an error in Internet Explorer that can run XAML Browser Applications (XBAPs) or Silverlight applications.

As with all items deemed critical by Microsoft, security experts advise IT and users to prioritize these patches and apply them as soon as possible. "In addition to the eight critical vulnerabilities being fixed in Internet Explorer, both consumer and corporate customers urgently need to patch Silverlight with MS11-078, which may or may not be installed on your system," wrote Kurt Baumgartner, a Kaspersky Lab expert, in a blog post.

The first important bulletin covers Host Integration Server 2004, 2006, 2009 and 2010; if left unpatched, the flaw could lead to a possible denial-of-service attack. The second of the six important items concerns Windows Server 2003 and Windows XP, and patches a hole that hackers could exploit to elevate privileges.

Speaking about the next item, Robert Keith, security advisor at Symantec, breaks down an error in Microsoft's kernel mode (all versions of Windows OS and Windows Server) that gets a fix: "A local privilege-escalation vulnerability occurs because the kernel fails to properly validate user-supplied data between user-mode and kernel-mode. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer."

The final three bulletins target Forefront Unified Access Gateway 2010, Windows Media Center running on Windows 7 and Microsoft Active Accessibility. If left unpatched, flaws in these programs could all lead to remote code execution attacks.

More information on October's Security Bulletin can be found here. Microsoft has also released a chart prioritizing each patch:

[Image: Microsoft's patch prioritization chart. Courtesy of Microsoft.]

About the Author

Chris Paoli is the site producer for and

