Microsoft's patch train rolled into town on Tuesday carrying a cargo of nine updates. Three of the October batch fix critical vulnerabilities involving Windows, Internet Explorer, and Windows Media Player, Microsoft warned. Four of the patches address important flaws and two deal with moderate security bugs. Microsoft pulled plans to issue a patch last month so it doesn't come as much surprise that there's a bumper load this month.

Worst of the critical vulnerabilities is a flaw in the MSDTC and COM+ middleware components of Windows which might allow remote code execution (MS05-051.mspx (http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx)). Both Windows 2000 and Win XP systems - even those running Service Pack 2 - are potentially at risk from the vulnerability, which security firm eEye warns is ripe for exploitation by an internet worm. A cumulative update to IE (MS05-052.mspx (http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx)) and a fix to DirectShow (MS05-050.mspx (http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx)), software in Windows which processes streaming media, are also deemed critical.

The four important fixes protect against flaws in Client Services for Netware, Microsoft Collaboration Objects, Windows PnP (Plug and Play) and Windows Shell. Windows's FTP client and Network connection manager are the subject of moderate flaws. Microsoft's overview of these various security vulns is here (http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx). ®

Related stories

Windows beats Linux - Unix on vulnerabilities - CERT (5 January 2006)
http://www.channelregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/
Update glitch spins out IE7 beta testers (19 December 2005)
http://www.channelregister.co.uk/2005/12/19/ie7beta_patch_glitch/
Dasher update pierces Windows flaw (16 December 2005)
http://www.channelregister.co.uk/2005/12/16/dasher_worm_variant/
Dasher worm targets October Windows vuln (15 December 2005)
http://www.channelregister.co.uk/2005/12/15/dasher_worm/
MS releases IE überpatch (14 December 2005)
http://www.channelregister.co.uk/2005/12/14/ie_uberpatch/
Critical MS patch fixes graphics bugs (9 November 2005)
http://www.channelregister.co.uk/2005/11/09/ms_november_patch_tuesday/
Solitary patch for MS Nov Patch Tuesday (4 November 2005)
http://www.channelregister.co.uk/2005/11/04/ms_november_bulletin/
Snort plugs Back Orifice as Oracle issues mega-fix (19 October 2005)
http://www.channelregister.co.uk/2005/10/19/patch_roundup/
Web 2.0 worm downs MySpace (17 October 2005)
http://www.channelregister.co.uk/2005/10/17/web20_worm_knocks_out_myspaces/
Glitch afflicts critical MS patch (17 October 2005)
http://www.channelregister.co.uk/2005/10/17/ms_patch_glitch/
Microsoft's delay to patch fuels concerns (14 September 2005)
http://www.channelregister.co.uk/2005/09/14/secfocus_patches/
MS pulls upcoming Windows security patch (12 September 2005)
http://www.channelregister.co.uk/2005/09/12/ms_pulls_security_patch/
Plug and Play pandemonium (17 August 2005)
http://www.theregister.co.uk/2005/08/17/plug_and_play_worm_pandemonium/
Glitch hits MS Patch Tuesday (11 August 2005)
http://www.channelregister.co.uk/2005/08/11/ie_patch_glitch/
Six patches - three critical - in MS August patch batch (10 August 2005)
http://www.theregister.co.uk/2005/08/10/ms_aug_patch_batch/
Worm risk over Win2K flaw (5 August 2005)
http://www.theregister.co.uk/2005/08/05/win2k_worm_flaw/
Six patches for MS August Patch Tuesday (5 August 2005)
http://www.channelregister.co.uk/2005/08/05/ms_patch_pre-alert/