Patch Tuesday August 2011 – 13 updates, 22 vulnerabilities

Microsoft Security Response logoMicrosoft released 13 bulletins today, which is quite large for a summer Patch Tuesday, but only two of these bulletins were critical. There are nine rated important and two rated as moderate.

The first critical bulletin, MS11-057, affects Internet Explorer and patches seven vulnerabilities. Two of these vulnerabilities were disclosed publicly and are rated moderate. The other five, disclosed privately, could allow remote code execution (RCE) and are thus automatically rated critical.

The other critical bulletin, MS11-058, impacts Windows DNS servers. A specially crafted DNS record in combination with a request to a vulnerable server could lead to remote code execution (RCE).

SophosLabs has rated both of these vulnerabilities as high, as well as a bulletin on Microsoft Data Access Components and Microsoft Visio which Microsoft has rated important.

Other Microsoft components that were patched include Visual Studio, .NET, RDP, Windows Kernel and the TCP/IP stack. Microsoft’s advisories can be found on the MSRC blog.

Adobe logoAdobe has also released its Patch Tuesday bulletins today. There are two fixes for Adobe Air, nine for Flash Media Server, 46 for Flash Player, two for Photoshop CS5, four for RoboHelp, five for RoboHelp server and 11 in Shockwave player.

Adobe has published the details of these bulletins on its PSIRT blog and SophosLabs has rated the threat level of the Flash Player fixes as high.

As always it is important to deploy these fixes as soon as possible. Fortunately there are only five bulletins SophosLabs considers high risk, so we can get those out there quickly and start preparing for next month.