Microsoft is to release a larger than usual security update on 9 August, with 13 patches fixing 22 vulnerabilities.
‘Critical’ flaws in Internet Explorer 6-9 and Windows XP, Vista, Server 2003 and 2008 all allow remote code execution on a target machine, and all patches require a full restart.
The bulk of the patches are rated ‘important’, mostly fixing denial-of-service or privilege elevation problems, and there are two ‘moderately important’ updates.
“As always, we recommend that customers review the advanced notification summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible,” said Angela Gunn from Microsoft’s Trustworthy Computing group.
The bulk of the patches are for Windows, with one each for Internet Explorer, Visio in Office, and updates for the .NET Framework, Visual Studio and Microsoft Report Reader.
Other non-security software in the patch bundle includes updates to Microsoft’s Malicious Software Removal Tool, the junk mail filter, .NET Framework 4, embedded versions of Windows and ActiveX Killbits.
At the Black Hat conference yesterday, Microsoft announced the Blue Hat Prize, which offers a prize of $200,000 to a researcher who finds a way of blocking entire classes of attacks on memory vulnerabilities in Windows.