Microsoft plugs IE 'drive-by download' security holes

Microsoft today shipped six bulletins with patches for a total of 12 documented security vulnerabilities in a wide range of widely deployed software products. Three of the six bulletins are rated “critical,” Microsoft’s highest severity rating.

The most serious issues affect the company’s Internet Explorer browser, including the newest IE 8 on Windows 7. The Internet Explorer bulletin (MS09-072) covers five documented vulnerabilities that affect all supported versions of the browser (IE 5, 6, 7 and 8). As previously reported, there is public exploit code available for one of the IE vulnerabilities.

Here’s why this is considered a high-priority update for all affected Windows users:

The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

An interesting sidebar: All five of the IE vulnerabilities were purchased by a third-party company that buys software flaw information in exchange for the exclusive rights to broker the disclosure process with affected vendors.

http://blogs.zdnet.com/security/?p=5096&tag=content;col1