Patch Tuesday addresses remote code flaws in HTTP and Internet Explorer

Microsoft updated four critical flaws that could have left users vulnerable to attacks using remote code execution in a lighter-than-average Patch Tuesday.

The critical updates centre on vulnerabilities in HTTP.sys, Internet Explorer, Microsoft Office and Microsoft Graphics component.

The HTTP.sys patch will resolve a flaw in Windows that could allow remote code execution if an attacker sends a specifically crafted HTTP request to an affected system, said Microsoft. The vulnerability is understood to affect all versions of Microsoft Server from 2008 onwards.