by Ryan Naraine
October 9th, 2008 @ 4:12 pm

It will be a very busy Patch Tuesday for administrators managing Microsoft Windows computer systems. According to Microsoft’s advance notice mechanism, 11 security bulletins will drop next Tuesday (October 14, 2008), covering a wide range of serious vulnerabilities.

Four of the 11 bulletins are rated “critical,” meaning that those vulnerabilities can be exploited to launch remote, code execution attacks. The four “critical” bulletins apply to the widely deployed Internet Explorer browser, Active Directory, Microsoft Excel and Host Integration Server. Six of the bulletins will be rated “important” and will provide fixes for a range of Microsoft Windows operating system vulnerabilities.

The final bulletin, rated “moderate,” will provide patches for an information disclosure bug in Microsoft Office. This month will see the first appearance of the previously announced Exploitability Index, a new Microsoft initiative aimed at attempting predictions on whether exploit code will be released.

This index will attempt to predict if a vulnerability is likely to have functioning exploit code released, or have inconsistent exploit code released that wouldn’t work every time an attacker attempted to used it. We’ll even highlight vulnerabilities where we think it’s unlikely that functioning exploit code will ever be released.