From: —

Microsoft (MS) yesterday issued a record Patch Tuesday update containing eight security bulletins, six of which were rated ‘critical’. The bulletins collectively address no fewer than 28 separate vulnerabilities in Windows, Internet Explorer (IE) and MS Office.

Visitors to the MS Update site were greeted with screens like this one:

As ZDNet’s Ryan Naraine reports, “ Most of the bulletins address client-side flaws that could be exploited via the browser or if a user opens a booby-trapped file. … The bulletin with the most patches (MS08-072) addresses a total of 8 flaws in the ubiquitous Microsoft Office software suite. According to Microsoft, the bugs could be exploited if a user is tricked into opening a rigged Word of RTF (Rich Text Format) file. … Another major bulletin is MS08-073, which covers 4 flaws in Internet Explorer, the world’s most widely deployed browser. These could be exploited if a user simply surfs to a specially crafted page in IE, making it a perfect target for drive-by download attacks.”

The ‘monster’ update was the largest update ussued by MS, in terms of the number of vulnerabilities it addresses, since the monthly Patch Tuesday Update schedule was introduced five years ago.

Leave a Reply