Microsoft Releases 14 Patches Today
Microsoft is releasing 14 new security bulletins today that patches 34 different vulnerabilities in its Windows operating system (OS) and software. Eight of the holes are critical while six are rated important.
The 34 vulnerabilities, which tie a record with the number of holes Microsoft patched in June, are in Windows, Office, Internet Explorer, SQL Server and Silverlight, according to the bulletin.
The affected software includes: Windows 7; Windows XP; Vista; Windows Server 2003 and 2008; Windows Server 2008 release 2; IE 6, 7 and 8; Office XP Service Pack 3; Office 2003 Service Pack 3; 2007 Microsoft Office System Service Pack 2; Office 2004 and 2008 for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel and PowerPoint; 2007 File Formats Service Pack 2; Microsoft Works 9; and Silverlight 2 and 3.
According to Microsoft, the company will deliver 10 updates for Windows, five are rated critical, the other five are rated important. Two updates will patch one or more critical bugs in Silverlight and IE, while two others will fix flaws in Office. [ Read "The 3 Most Common Types of PC Virus Infections ."]
“This will be the most bulletins we have ever released in a month; we have released 13 bulletins on a couple of occasions,” Angela Gunn, security response communications manager at Microsoft, wrote in a blog post. “However, in total CVE [common vulnerabilities and exposures] count, this release ties with June 2010, so there’s no new record there.”
In his blog, Wolfgang Kandek, CTO of Qualys Inc., offers an analysis of the Microsoft patches.
“Including the LNK update, nine bulletins have a rating of critical and affect all version of the Windows OS, Internet Explorer, Silverlight and Microsoft Office,” Kandek wrote.
“Windows 7 and 2008 R2 have a smaller number of critical vulnerabilities than Windows XP and 2003 in function of their improved security architecture, but are still affected by two critical vulnerabilities each.”
Kandek said Internet Explorer, Office and Silverlight updates apply across the board on all Windows versions. He said they represent a type of flaw where attackers and malware go through the installed applications rather than through the core operating system.
He said Windows XP SP2 users do not have any patches supplied to them, even though the five critical vulnerabilities for XP SP3 most likely also apply to their discontinued version of the OS. Kandek advises all Windows XP SP2 users to upgrade to SP3 as quickly as possible.
