Remote code execution attacks, where hackers take advantage of vulnerabilities to attack a computer system over the Internet, have grown exponentially in the last couple of years -- borne out by the number of patches Microsoft has issued this year. All of the company's critical security updates released this year, including next week's updates, have patched vulnerabilities that allow remote execution attacks.
The total so far this year for Microsoft's critical remote execution patches, including the August updates, is now 34, with another 11 important patches for the same problem.
In addition, next week Microsoft will release three other security updates, all rated important, which could also allow remote code execution attacks. Two of those updates will address remote code execution vulnerabilities in Windows and Vista and a third update will prevent users from being able to elevate their access privilege level in Virtual PC or Virtual Server, according to Microsoft.
One of the critical patches for Windows will be for the same vulnerability in XML Core Services, while another critical patch for Windows will also address that vulnerability in Visual Basic and Office for Mac.
Also planned for release next week are four non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).There will be two non-security, high-priority updates on Windows Update (WU) and Software Update Services (SUS) as well.
More information about the non-security patches will be available on Tuesday.
To find out if computer systems need all or any of these nine updates, companies can use Microsoft's Baseline Security Analyzer.
Additionally, an updated version of Microsoft Windows Malicious Software Removal Tool will be released Tuesday on WU, MU and WSUS, and at Microsoft's download center.