Over 30 flaws fixed in Microsoft’s biggest patch day
Windows, Internet Explorer and Office are patched up, but a DirectX flaw that hackers have been actively targeting isn’t.
Microsoft has released a big round of patches, with ten new security bulletins addressing a total of 31 vulnerabilities.
Symantec said the 31 flaws were the largest number of vulnerabilities addressed in a single release by Microsoft, with the previous record being 28 last December.
Of the 31 vulnerabilities, 17 were rated as critical. Six of the ten bulletins affected Windows, one of them Internet Explorer (IE), and three for Office (Word, Excel and Works).
Many security vendors agreed that the most significant bulletin was for IE, a cumulative update that addressed the first IE8 vulnerability.
The IE 8 vulnerability was found during the Pwn2Own hacking competition held in March, where a German researcher known as Nils exploited a flaw in a pre-release version of IE8.
The IE bulletin also fixed separate vulnerabilities across IE 6 and IE 7 for both XP and Vista, with other bulletins fixing an issue that allowed hackers to run code on a Mac running Powerpoint, as well as a server issue with Internet Information Services (IIS).
Microsoft has still not fixed a flaw in DirectShow QuickTime that hackers were actively exploiting at the beginning of this month.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.