Microsoft issued a record number of software updates today, releasing 14 update bundles to plug at least 34 security holes in its Windows operating system and other software. More than a third of flaws earned a “critical” severity rating, Microsoft’s most serious. Separately, Adobe released an update for its Flash Player that fixes a half-dozen security bugs.
Microsoft tries to further emphasize which critical patches should be applied first, and it does this largely by assessing which of the flaws appear to be the easiest and most reliable to attack. According to an analysis posted on the Microsoft Security Response Center blog, the most dangerous of the critical flaws patched this month involve media file format and Office bugs.
Specifically, Microsoft pointed out a critical flaw in Microsoft Silverlight and its .NET Framework, as well as bugs in the Microsoft MPEG-Layer 3 and Cinepak codecs. All of these media format vulnerabilities are critical and could be exploited merely by loading a tainted media file, either locally or via a Web browser, Redmond said.
The software giant also urged customers to quickly deploy a patch that fixes at least four vulnerabilities in Microsoft Office, the most severe of which could lead to users infecting their PCs with malware simply by opening or viewing a specially-crafted e-mail.
More details on the rest of this month’s updates are available here. Just a quick note about this patch batch for consumers: It might not hurt to wait a day or two before applying the Microsoft updates. Given the sheer number of vulnerabilities addressed in this release, there is a good chance that one or more of them may turn out to cause problems for some customers. Also, there don’t appear to be any online threats actively exploiting any of these flaws at the moment.
In other news, Adobe released a patch for its ubiquitous Flash Player that fixes at least six flaws in Flash. The newest version brings Flash to v. 10.1.82.76. If you’d like to know what version of Flash you are currently using, browse to this link.
Note that if you use both Internet Explorer and non-IE browsers, you’re going to need to apply this update at least twice, once by visiting the Flash Player installation page with IE and then again with Firefox, Opera, Chrome or whatever other browser you use. Also, unless you want some “free” software — like McAfee Security Scan or whatever Adobe is bundling with Flash player this month — remember to uncheck that option before you agree to download the software.
Finally, a blog post I published on Sunday incorrectly stated that Adobe would be issuing an update for its PDF Reader software today. Adobe plans to release the Reader update next week.
As always, please drop a note in the comment section below if you experience any issues applying these updates.