September’s Patch Tuesday is a fairly light compared with the last few months. It contains a mere four bulletins with one rated critical and the balance rated important. In a surprise to no one, the critical bulletin is for Internet Explorer (also water is wet, sky blue).
This bulletin affects IE6 and up and remediate 36 critical vulnerabilities and 1 important vulnerability. The three important bulletins remediate vulnerabilities in .NET, Windows Task Scheduler, and Lync Server.
In other patch related news… Google Chrome 37 has been released, containing 50 fixes for various vulnerabilities with different impacts. The vendors’ advisory mentions 10 CVEs for this release. The most critical bug allows a remote attacker to execute arbitrary code outside of the sandbox. Other fixes are for high severity vulnerabilities such as use-after-free and spoofing, and fixes for medium severity as denial of service and security bypass.
This release is double the fixes than Google Chrome 36 fixed a month and a half earlier. Check out the Google vendor page for the full list of Google CVEs.