Microsoft's August Patch Wednesday release of security fixes plugs a total of 37 vulnerabilities in Internet Explorer, SQL Server, OneNote, SharePoint, the .NET framework and the Windows operating system, with two updates rated as critical.
Of the nine security bulletins, the MS14-051 cumulative update for Internet Explorer has the highest severity rating. Microsoft said there are currently active attacks for one of the 26 security fixes in MS14-051 and has modified its Exploit Index (XI) with a new rating of 0 to reflect this.
Also rated as critical is a flaw in Windows Media Centre that allows remote code execution when attackers use specially crafted Microsoft Office files.
Microsoft is also releasing a fix for vulnerabilities in the Adobe Flash Player ActiveX control in Internet Explorer. It applies to Internet Explorer 10 and 11 on Windows 8 and 8.1 (32 and 64-bit), Windows RT and RT 8.1, as well as Windows Server 2012 and 2012 RT, the company said.
Adobe also today released seven updates for critical vulnerabilities in its Flash Player, applying to Windows, Linux and Apple OS X, as well as new versions of its AIR runtime for the same platforms, and Google's Android.
Microsoft reminded users of last security policy updates announced last week that include blocking of outdated ActiveX controls in Internet Explorer, and support for only the most recent versions of its .NET framework.