Microsoft issues critical IE and Silverlight patches

Microsoft has fixed critical flaws in Internet Explorer (IE) and Silverlight with its October batch of security updates.

The company said its Patch Tuesday update contains a total of eight fixes that address a total of 23 software vulnerabilities.

Two of the patches fix vulnerabilities Microsoft has classified as critical. The company is recommending that administrators prioritise each of the fixes due to the risk of remote code execution attacks.

Microsoft said the first of the critical fixes tackles eight flaws in the IE browser, the most severe of which could leave users vulnerable to remote code attacks and malware installation. The vulnerability affects IE 6, 7 and 8.

The second critical bulletin addresses a flaw in the .NET and Silverlight components. Microsoft warned that if targeted, the vulnerability could allow an attacker to remotely execute code on end-user systems and bypass security protections on server systems.

Each of the remaining six bulletins have been classified by Microsoft as important and address risks ranging from remote code execution to elevation of privileges and denial-of-service attacks.

Software patched in the six important bulletins include Windows, Host Integration Server and the Microsoft Forefront Unified Access Gateway.

Dave Marcus, head of research and communications for McAfee Labs, said users should patch their systems as soon as possible.

"Administrators should pay special attention to the critical flaw affecting Internet Explorer and Windows users, which, left unpatched, can allow attackers to remotely spread a virus," Marcus said.

"IT administrators should also be aware that the .NET issue also affects Mac OS clients."