Microsoft Corp. typically alternates between patching Windows and issuing application updates to help administrators reduce the number of machines they need to attend to each month.
However, this Tuesday, the company is releasing 16 security bulletins, the largest number of security advisories in about three years.
Here are the five critical bulletins:
Bulletin 1 – Rated critical for all versions of Windows has remote code execution (RCE) potential. This type of vulnerability could allow an attacker to grab control of an affected machine. Dealing with it may require a system restart.
Bulletin 2 – Critical, with RCE potential, covers all versions of Internet Explorer and Windows. Requires restart
Bulletin 3 – Affects all Windows versions. Critical, RCE type, requires restart
Bulletin 4 – Critical, RCE type, affects all Windows versions and may require restart
Bulletin 5 – Rated critical on server operating systems but not on desktop systems. Affects all Windows versions and requires restart
There are two other “moderate” patches. One affecting Windows and Office and which could result in denial of service attacks against Windows.
The nine important bulletins address vulnerabilities in Windows, Windows Server, Exchange and .Net Framework. These vulnerabilities require user action in order to be executed.
Potential exploits include, elevation of privilege, RCE, security feature bypass and data disclosure.