Microsoft is issuing five security bulletins this month, two of them critical and affecting all versions of Internet Explorer as well as all versions of Windows from XP to 8/8.1.
The first bulletin rated critical addresses a zero-day attack that was discovered last month and for which Microsoft has already issued a formal Fixit, "but this will be the permanent patch reaching a much larger audience," says Wolfgang Kandek, the CTO of Qualys. It affects IE versions 6 through 11.
If left unpatched, the vulnerabilities could be exploited to let attackers execute malicious code on affected machines, Microsoft says in its Security Bulletin Advance Notification issued today. "These types of bulletins need immediate attention and a reboot, which is always a headache for IT teams," says Ken Pickering, director of engineering at CORE Security.
All five of the bulletins this month concern patches that affect Windows XP, which falls off the security bulletin list after next month's Patch Tuesday. "Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows eco-system, but you will not be able to address the issues anymore," says Kandek.