Patch Tuesday brings 26 fixes

Microsoft has issued a hefty 11 bulletins addressing 26 vulnerabilities in its August security release.

The monthly security update includes six bulletins that address issues rated 'critical', the highest of Microsoft's security alert levels.

Four of the critical bulletins addressed vulnerabilities in Office. Those patches included fixes for an ActiveX control in Office 2003 and older, flaws in Office filters, Powerpoint and Excel. All four could be used by an attacker to remotely execute code.

The company also fixed remote code vulnerabilities in the Image Color Management software for Windows 2000, XP and Server 2003. The remaining critical bulletin was an update to a previous patch for Internet Explorer 6 and 7.

The five remaining vulnerabilities were all rated 'important'. Those included fixes for remote code flaws in Word and information disclosure risks in Outlook and Windows Messenger.

Also fixed was an information disclosure flaw in the IPSec software for Windows Vista and Server, as well as a remote code execution vulnerability in the Windows Event System component for all versions of the operating system.

McAfee researcher Karthik Raman said that the update was a "mammoth" release, noting that Microsoft has not patched so many vulnerabilities with a single update in some two years.

"We have not seen anything of this scale in a long time," he said.

"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply views a malformed image or visits a malicious website, a favourite attack method among cybercriminals."