This month's Patch Tuesday was another biggie: 16 bulletins addressing 34 vulnerabilities across IE, Office and Windows...
Top of the list of things to watch out for are two “critical” bulletins: MS11-050 and MS11-52. These are are effectively attacker's delight since they are browser based, which are the most coveted exploits. They affect Internet Explorer 6,7, and 8: and once these vulnerabilities are weaponized they will be a significant problem as many organizations give their users administrative privileges, which attackers can inherit with this bug. In fact, these vulnerabilities are likely to provide attack vectors for some time to come. The situation is worse still for those running IE6; they will have bigger issues as they are not supported by major websites such as Google, YouTube and others.
Also, although MS11-045 is listed as “important” rather than “critical”, it's the type of Microsoft Excel bug that could be used as part of a spear phish attack to execute malicious code, so be aware!
In general, you can expect to see a steady stream of critical vulnerabilities coming out until after August as the release of new exploits is typically timed around major security industry events such as BlackHat and DefCon, which take place during the coming months. At this time, it’s even more critical than ever that information security professionals keep themselves as up to date as possible with patching and testing.
Exploit developers will already be disclosing bugs to Microsoft and other vendors in preparation for these events, and this may well be reflected in the next few Patch Tuesdays.