Microsoft Prepping Massive Security Update To Patch Near-Record 57 Bugs
Microsoft announced it will issue 12 security updates on Tuesday, Feb. 12, to patch a near-record 57 bugs in Internet Explorer (IE), Windows, Office, and Exchange.
The all-time record so far is for a total of 64 vulnerabilities patched in April 2011, but the 57 bugs to be fixed next week draw very close to that record.
Microsoft's security bulletin includes five critical ratings and seven important warnings. Five of the 12 updates will rank as "critical," which is Microsoft's highest rating. The remainder will rank as "important," the next step below "critical."
"A vulnerability whose exploitation could allow code execution without user interaction" is considered critical, according to Microsoft. "These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warning or prompts. This could mean browsing to a web page or opening email."
"A vulnerability whose explanation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources," meanwhile, is considered important. "These scenarios include common use scenarios where client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability. Sequences of user actions that do not generate prompts or warnings are also covered."
Of those five critical updates, two will address bugs in Windows XP Service Pack 3 (SP3) and Windows Vista. Five of the important updates will affect Windows 7, four will deal with Windows 8, while XP SP3 and Windows RT get three updates each.
Among the updates tagged as critical, IE gets two separate updates that will patch IE 6, IE 7, IE 8, IE 9, and the latest IE 10. Until now, Microsoft has never issued more than one update a month for the same browser.
Microsoft will be hosting a Webcast on Wednesday, Feb. 13, at 2 p.m. EST, to address any questions customers may have regarding the security bulletins. Interested users can register at this link to watch the webcast, which will be available on-demand after Feb. 13.
Until Microsoft posts the patches, using another browser instead of Internet Explorer may be a safer bet.