Patch Tuesday Arrives with Nine Fixes
As promised, Microsoft on Tuesday issued nine separate security patches, fixing vulnerabilities in DirectX, Exchange, Internet Explorer, and Windows itself. Three of the fixes were deemed "critical," four "important," and two "moderate."
All of the critical patches involved some type of remote code execution vulnerability. The Internet Explorer patch fixes a flaw found by eEye Digital Security and the French Security Incident Response Team back in July revolving around the COM object within IE.
The DirectX patch fixes a flaw within DirectShow, and the Windows fix patches a hole in the MSDTC and COM+ objects.
Of the important updates, all fixed code execution problems, with three of them fixing various problems with Windows. Holes in Plug and Play, Client Services for Netware and Windows Shell were repaired.
The remaining important update fixes a problem with Microsoft Collaboration Objects within Microsoft Exchange, which only pertains to business users.
A tampering vulnerability within the Windows FTP client that could allow hackers to modify file transfer locations, as well as a Denial of Service problem in the Network Connection Manager have also been addressed under the moderate category.
Microsoft's next scheduled Patch Tuesday will be November 8.