Microsoft initiated the global rollout of this month’s Patch Tuesday updates late last night, and managed to break a few records in the process. A total of 66 vulnerabilities have been fixed in various software.
These flaws were discovered in Windows, Office and Internet Explorer.
Two of these updates are aimed at the company’s flagship web browser, and fix 59 issues in Internet Explorer, with the most severe of them allowing an attacker to gain the same rights as the logged-in user. A couple of these were public, while the remaining 57 were privately reported.
Redmond had apparently been collecting these privately reported vulnerabilities for some time, with one of them discovered at HP’s Zero-Day Initiative six months back.
As the company puts it:
“The security bulletin for Internet Explorer (IE) resolves 59 items, including CVE-2014-1770. The most serious of these could allow remote code execution if a user views a webpage specially crafted by a cybercriminal. We still haven’t seen any active attacks attempting to exploit any of the other CVEs addressed by this bulletin.”
The second critical update addresses two flaws in Microsoft Graphics Components that could allow remote code execution; it affects Windows, Office, and Lync.
Microsoft recommends that everyone prioritize the deployment of these two updates.
In any case, this is a very significant Patch Tuesday update release, and as is usually the case, all these patches are currently being delivered via the Windows Update option, meaning minimal user interaction is required. Except for a reboot or two, of course.