To view the full article in its entirety, please visit eWeek: Microsoft Releases Security Patches for 11 Vulnerabilities

Microsoft issued nine security bulletins for Patch Tuesday today to cover 11 security holes in Windows and other Microsoft products.

Four of the bulletins are rated "critical," including two Microsoft considers very likely to be exploited. Among these two bulletins is MS10-061, which addresses a publicly disclosed vulnerability in the Print Spooler service that could be exploited to allow remote code execution via a specially crafted print request to a vulnerable system with a print spooler interface exposed over RPC.

"On Windows XP, the guest account is enabled by default, which allows anonymous users to access printer shares," Microsoft said in the advisory. "On Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, an attacker must be authenticated in order to exploit this vulnerability unless password-based sharing is disabled. If password-based sharing is disabled, attackers could exploit these systems without authentication."

MS10-062 was also ranked as likely to be exploited. The bulletin covers a remote code execution vulnerability tied to the way the MPEG-4 codec handles supported format files. If exploited successfully, an attacker could take control of a vulnerable system.

"There is a prevalence of sharing media and video files, so MS10–062 is of particular interest, as this media code execution takes advantage of vulnerabilities by crafting music files," said Dave Marcus, director of security and research communications at McAfee Labs. "We have found that cyber-criminals are increasingly hiding malicious content in music- and movie-related sites, making it very easy to craft a fake file and exploit this type of vulnerability."