Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Only IIS 5.1 running on Windows XP is vulnerable to remote code execution in a default configuration.
However, administrators of internet-facing IIS servers with FastCGI enabled strongly encouraged to apply the update as soon as possible.
Thanks to the whole MSRC Engineering for their work on this month’s cases.
- Jonathan Ness, MSRC Engineering
*Posting is provided "AS IS" with no warranties, and confers no rights.*