Microsoft plugs critical IE, .Net holes

Patch Tuesday bulletins fix holes in IE, .Net, Silverlight, Forefront UAG, and Microsoft Host Integration Server.

Jerry Bryant, group manager for response communications at Microsoft, discusses the Patch Tuesday releases in a video on the Security Response Center blog.

Microsoft today issued eight security bulletins plugging 23 holes, including a critical patch for vulnerabilities that could allow an attacker to take control of a computer if someone visits a malicious Web page using Internet Explorer.

The cumulative IE patch, MS11-081, fixes eight holes and is rated high priority among today's Patch Tuesday bulletins, which include two rated critical and six rated important.

The other high-priority bulletin is MS11-078, which fixes a vulnerability in .Net Framework and Microsoft Silverlight that could allow an attacker to remotely execute code on a machine if a user views a malicious Web page using a Web browser that runs Extensible Application Markup Language (XAML) applications or Silverlight applications, according to a Microsoft Security Response Center blog post. Server systems running Internet Information Services are also at risk if an attacker is able to upload a malicious ASP.Net page to the server and execute it, the company said.

The other bulletins resolve issues in Windows, Microsoft Forefront Unified Access Gateway, and Microsoft Host Integration Server, according to the bulletin advisory.

"Overall, this Patch Tuesday is fairly moderate. Three of the included vulnerabilities have been previously disclosed, and there is an available proof-of-concept code," said Dave Marcus, director of security research and communications at McAfee Labs. "Administrators should pay special attention to the critical flaw affecting Internet Explorer and Windows users, which, left unpatched, can allow attackers to remotely spread a virus. IT administrators should also be aware that the .Net issue also affects Mac OS clients."

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

 
