The critical bugs can enable an attacker to exploit programs through remotely executing code on computers operating with the vulnerable software.
“There's going to be a lot of heavy lifting for IT administrators this month,” Dave Marcus, director of security research and communications at McAfee Labs, said in a statement. “Not only are there a large number of Microsoft patches, there's also the additional Adobe and Java patches to address as well. Administrators should evaluate and prioritize the most important patches for their organization.”
Qualys CTO Wolfgang Kandek ranked as the highest priority Microsoft bulletins MS11-050, which addresses 11 vulnerabilities in Internet Explorer (IE) versions 6,7, 8 and 9, and MS11-052, which patches VML, a markup language that is used mainly in IE.
"Browser and plug-in vulnerabilities together have been the point of entry for many recent security incidents and are the main infection vector for mass malware, such as Zeus and SpyEye," Kandek said in a statement.
"With this Patch Tuesday, we are seeing Internet Explorer 9 affected for the first time," Paul Henry, security and forensic analyst for Lumension, said in a statement. "However, IE9 isn't as much of a concern as IE6, which often seems to be the lowest common denominator in security breaches. It is absolutely imperative that people download a newer version of IE in order to take advantage of the more secure codebase."
Simultaneously, Adobe announced it expects to provide updates on Tuesday for critical bugs embedded in Adobe Reader X (10.0.1) for Windows, Adobe Reader X (10.0.3) for Mac, and Adobe Acrobat X (10.0.3) for Windows and Mac.