- Microsoft today patched 12 vulnerabilities in Windows, Office and Internet Explorer (IE), including three critical bugs in the company's newest browser, IE8.
Of the 12 flaws fixed in Tuesday's six security updates, seven were rated "critical," the highest severity ranking in Microsoft
's four-step scoring system. Four of the remaining flaws were pegged as "important," one step lower on the scale, while the final vulnerability was labeled "moderate."
Security researchers unanimously voted MS09-072
, the five-patch update for IE, as the one that demands immediate
"That's certainly the one to watch," said Andrew Storms, the director of security operations at nCircle Network Security.
"You can't focus enough attention on the IE update. It trumps the bunch."
Richie Lai, the director of vulnerability research at security company Qualys, echoed Storms. "MS09-072 affects IE, which is a big attack surface," said Lai, "and the vulnerabilities are primed to be exploited by classic drive-by attacks."
"Definitely take a look at that one," chimed in Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. "Browser attacks are the most prevalent of all attacks."
One of the five fixes included in the IE update addressed the zero-day vulnerability that Microsoft confirmed last month
after sample attack code
that exploited a flaw in IE's layout parser went public.
More.............Microsoft patches 12 bugs, including IE8-only flaws