Categories: PCSecurityWorkspace

Microsoft To End Year With Massive Security Update

Microsoft is looking to ship a huge quantity of bug fixes in this month’s Patch Tuesday update, that will plug 40 security vulnerabilities across a number of products.

The bugs will be squashed by a total of 17 security bulletins, two of which are rated “critical.”

One of the two critical bulletins affects Internet Explorer (IE) versions 6, 7 and 8, while the other bulletin impacts Windows XP, Vista and Windows 7, as well as Windows Server 2003 and 2008.

Critical IE Bug

Microsoft first warned about the critical IE bug last month. According to the company, the vulnerability exists due to an invalid flag reference in the browser that can be accessed after an object is deleted. The bug has been under attack, prompting Microsoft to release an advisory with a handful of workarounds.

Of the remaining bulletins, 14 are rated “moderate,” and the final bulletin is rated “Important.” Included in the mix this month is a patch for a local privilege escalation vulnerability used by the notorious Stuxnet worm, closing the last zero-day used by the malware.

Twice this year, Microsoft has broken its record for the most security patches ever. In October, Microsoft set a new benchmark with the release of 16 security bulletins to cover 49 vulnerabilities across Windows, Internet Explorer, Microsoft Office and the .NET Framework.

Record Number

“Looking back over 2010, that brings the total bulletin count to 106, which is more bulletins than we have released in previous years,” blogged Mike Reavey, director of the Microsoft Security Response Center. “This is partly due to vulnerability reports in Microsoft products increasing slightly, as indicated by our latest Security Intelligence Report.”

The high number of advisories will present a challenge to all Windows system administrators, especially with the holidays shortening the available working hours, said Wolfgang Kandek, CTO of Qualys.

“There are two advisories for Microsoft Office file format vulnerabilities that should be looked at closely and potentially prioritised by IT administrators,” he said.

The update is slated for release 14 December.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

12 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

14 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

16 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

16 hours ago