Microsoft released 13 bulletins today, which is quite large for a summer Patch Tuesday, but only two of these bulletins were critical. There are nine rated important and two rated as moderate.
The first critical bulletin, MS11-057, affects Internet Explorer and patches seven vulnerabilities. Two of these vulnerabilities were disclosed publicly and are rated moderate. The other five, disclosed privately, could allow remote code execution (RCE) and are thus automatically rated critical.
The other critical bulletin, MS11-058, impacts Windows DNS servers. A specially crafted DNS record in combination with a request to a vulnerable server could lead to remote code execution (RCE).
Other Microsoft components that were patched include Visual Studio, .NET, RDP, Windows Kernel and the TCP/IP stack. Microsoft’s advisories can be found on the MSRC blog.
Adobe has also released its Patch Tuesday bulletins today. There are two fixes for Adobe Air, nine for Flash Media Server, 46 for Flash Player, two for Photoshop CS5, four for RoboHelp, five for RoboHelp server and 11 in Shockwave player.
As always it is important to deploy these fixes as soon as possible. Fortunately there are only five bulletins SophosLabs considers high risk, so we can get those out there quickly and start preparing for next month.