Microsoft delivers massive Patch Tuesday, fixes 34 flaws
Unlucky 13 updates plug multiple 'zero-day' holes, including one Microsoft had kept secret until now
By Gregg Keizer
October 13, 2009 02:44 PM ET
Computerworld - Microsoft today delivered a record 13 security updates that patched 34 vulnerabilities in every version of Windows, including the not-yet-for-sale Windows 7, as well as in Internet Explorer (IE), Office, SQL Server and other parts of its software portfolio.
The 34 flaws were also a record number for Microsoft, the most holes patched in one sitting since Microsoft switched to a regular monthly update schedule six years ago. The closest competitor was December 2008, when the company quashed 28 bugs
"To anyone following Apple, this isn't a big surprise," said Andrew Storms, director of security operations at nCircle Network Security, referring to Microsoft's operating system rival, which typically issues security updates that include scores of fixes. "But this is certainly an unprecedented month for Microsoft."
Microsoft ranked 8 of the 13 updates and 21 of the 34 vulnerabilities as "critical," the top rating in its four-step scoring system. The remainder of the bulletins were judged "important," the next threat level down, while nine of the flaws were also pegged important, and the final 4 were tagged as "moderate."
Among today's patches were several for zero-day vulnerabilities -- bugs for which exploit code had already gone public. One of the zero-day vulnerabilities was undisclosed until today.