Microsoft has released six bulletins that address 29 vulnerabilities and three security advisories. The most critical bulletin, the MS14-037 update, will patch 24 Internet Explorer vulnerabilities that are deemed easy to exploit for potential attackers.
The most severe of the vulnerabilities listed in the MS14-037 update - or the Cumulative Security Update for Internet Explorer - could allow remote code execution if a user views a specially crafted web page using Internet Explorer, Microsoft said in its executive summary. Attackers who successfully exploit these vulnerabilities could gain the same administrative rights as the current user.
Wolfgang Kandek, Chief Technology Officer at Qualys says the critical patches in this update "all address vulnerabilities that could lead to remote code execution, which would allow an attacker to gain privileges on a machine by tricking a user to view a specially crafted Web page using the browser," in a statement.
Microsoft has also released a critical update described by the company as "Vulnerability in Windows Journal Could Allow Remote Code Execution," which could allow remote code execution if a user opens a specially crafted Journal file.
This Windows Journal update is targeted for all versions of Windows Vista, Windows Server 2008 (excluding Itanium), Windows 7, Windows Server 2008 R2 (excluding Itanium), Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
The four additional bulletins are listed as important and moderate.