Microsoft pushed patches for 12 vulnerabilities out of the door yesterday, six of them classed as critical and six of them important.

While it is not unprecedented for the vendor to issue a dozen patches, this is on the high side. But at least the vendor can console itself that it did not have to issue any patches for its flagship OS Vista, which only hit consumers at the end of last month. Still, it’s only early days.

As it was, the critical patches spanned a broad range of Microsoft technology, with vulnerabilities in HTLM Help, Data Access Components, Word, and Office, and, our favourite, in the Microsoft Malware Protection Engine. A cumulative security patch for Internet Explorer rounded out the critical vulns, all of which could allow remote code execution.

The Important vulnerabilities patched spanned Interactive Training, the Windows Shell, Windows Image Acquisition Service, Microsoft OLE dialog, Microsoft MFC and Rich Edit. However, it wasn’t all remote execution – Shell and Image Acquisition bugs allowed elevation of privilege.

More info available here.®

• Microsoft releases security tool for Office 2003 (22 May 2007)
• Five critical reasons to update Windows today (11 April 2007)
• MS cursor patch fix pushes into Patch Tuesday litter (10 April 2007)
• Microsoft's search excels in spreading malware (20 March 2007)
• MS skips March Patch Tuesday (9 March 2007)
• MS plans 'dirty dozen' patch release (9 February 2007)
• Oracle blocks 51 security holes (17 January 2007)
• MS January patch update omits critical Word fix (10 January 2007)
• MS culls Patch Tuesday litter (8 January 2007)