The flaws, more than half of which received a "critical" rating, run the gamut from Windows Explorer and Internet Explorer to Word and Excel and PowerPoint. Microsoft on Tuesday released 10 security updates, one less than anticipated, that patched a record 26 vulnerabilities in Windows, Office, and .Net. More than half of the flaws were pegged "critical" by the Redmond, Wash. developer. Tuesday's tally was impressive by any count: 6 of the 10 updates were judged critical, with the remaining split among Microsoft's other rankings: "important" (1), "moderate" (2), and "low" (3). Of the 26 disclosed vulnerabilities, 15 were labeled critical, 6 important, 2 moderate, and 3 low. Both the total vulnerabilities and the number of critical vulnerabilities set new records for Microsoft in its monthly patch process. "This is very rich lot," said Minoo Hamilton, a senior security researcher with patch management vendor nCircle. "There's everything in here from Windows Explorer and Internet Explorer to Word and Excel and PowerPoint." Every one of the half-dozen bulletins marked critical should be paid attention, said Hamilton. "They're all remotely exploitable, and in some cases across the [OS] board." Several of the updates fix flaws that hackers are already exploiting, including MS06-057, which patches the WebViewFolderIcon bug known -- and used -- since the end of September. Others patching already-exploited vulnerabilities include the MS06-058 update for Microsoft Office PowerPoint and MS06-060, a fix for Microsoft Word. Full Story: [link=http://www.informationweek.com/software/showArticle.jhtml?articleID=193200427&subSection=Operating+Systems]Information Week[/link]
is this really news? lol (How long has windows XP been on the market? i wonder what the average monthly (remotely exploitable) patch count has been... (too high!)
