Microsoft issued nine security bulletins on Tuesday, fixing eleven vulnerabilities in products ranging from Windows, to Microsoft Office, to Internet Information Services.
The patch release, part of the company’s monthly Patch Tuesday release included a fix for a previously undisclosed vulnerability in the Microsoft Print Spooler Service that was exploited by the Stuxnet worm earlier this year. That patch, MS10-061, was rated critical for systems running Windows XP, according to a post on the blog of Microsoft’s Security Response Center (MSRC).
A second critical update, MS10-062, patches a vulnerability in the MPEG-4 codec used by Windows XP, Windows Vista and Windows Server 2003 and 2008. That vulnerability, if left unpatched, could allow a remote attacker to use a specially crafted media file to take control of a vulnerable system, Microsoft warned.
MS10-064, could allow for remote code execution on editions of Microsoft Outlook 2002 and could be triggered by a specially crafted e-mail message sent to an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode.
That vulnerability also affects supported editions of Microsoft Outlook 2003 and Microsoft Outlook 2007, but does not allow for remote code execution and is rated “Important.”