Users may have noticed an extended shut down update process on their Windows based machines this month after Microsoft released November’s Patch Tuesday update to address a total of 19 vulnerabilities.
Of the vulnerabilities fixed, four were rated as “critical” and these were located in Internet Explorer 9 (patch MS12-071) as well as “all” versions of the Windows operating system (patch MS12-075) including the newly released Windows 8.
Microsoft’s bulletin information for patch MS12-071 reads as follows, “This security update resolves three privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”
With users typically also using other versions of Internet Explorer (IE) including IE7, IE8 and IE10, systems running these versions will not have been exposed to the remote code execution vulnerabilities — but application of the patch updates is still generally recommended.
The update itself is automatic for typical users, IT administrators who control company systems may have more manual control of their update processes.
A critical patch bulletin was also released for the .NET framework (MS12-074), a programming environment primarily focused on Windows software. While two further vulnerabilities were also fixed in the Windows shell (MS12-072), that part of the Windows system that looks after the graphical user interface (GUI) and the commands that a user enters into his or her computer.
It is important to note that despite the critical nature of these updates, there is a complexity of specific computer configuration factors and user behaviour needed for exploits to have been successful. Not to dilute the severity of the risk factor here or the urgent need for the patch updates to be carried out, IT administrators and individual users should pay attention to the information that Microsoft makes available in its monthly Security Bulletin Summary which is viewable on the firm’s Security TechCenter at any time.