Microsoft pushed patches for 12 vulnerabilities out of the door yesterday, six of them classed as critical and six of them important.
While it is not unprecedented for the vendor to issue a dozen patches, this is on the high side. But at least the vendor can console itself that it did not have to issue any patches for its flagship OS Vista, which only hit consumers at the end of last month. Still, it’s only early days.
As it was, the critical patches spanned a broad range of Microsoft technology, with vulnerabilities in HTLM Help, Data Access Components, Word, and Office, and, our favourite, in the Microsoft Malware Protection Engine. A cumulative security patch for Internet Explorer rounded out the critical vulns, all of which could allow remote code execution.
The Important vulnerabilities patched spanned Interactive Training, the Windows Shell, Windows Image Acquisition Service, Microsoft OLE dialog, Microsoft MFC and Rich Edit. However, it wasn’t all remote execution – Shell and Image Acquisition bugs allowed elevation of privilege.
More info available here.®