Microsoft today issued 17 software updates to plug a total of 40 security holes in computers running its Windows operating system and other software. December’s bounty of patches means Microsoft fixed a record number of security vulnerabilities this year.
According to Microsoft, the most urgent of the patches is a critical update that fixes at least seven vulnerabilities in Internet Explorer versions 6, 7 and 8, including three that were publicly disclosed prior to today’s update. Microsoft said that at least one of the public flaws is already being actively exploited.
Microsoft also called special attention to the only other critical bulletin in the batch – a vulnerability in the OpenType Font Driver in Windows. Redmond warns that an attacker could compromise a machine on a network simply by getting a user to open a shared folder containing a malicious OpenType font file.