On the same day it announced the purchase of antivirus software vendor Sybari Software, Microsoft seeded the internet with raw material for a possible future harvest of new worms and viruses, releasing 12 software patches today to fix 16 vulnerabilities in the Windows operating system and Office desktop software.
The patches include eight fixes for critical security holes that could be used to run malicious code on affected computers. Together, they represent one of the largest single-day releases since Microsoft switched to a monthly patch approach in October 2003.
The release provides fixes for almost every supported version of Windows, including the recently updated Windows XP Service Pack 2, and patches for holes in everything from critical Windows components to the Internet Explorer web browser and MSN Messenger IM application.
These are among the most serious holes Microsoft addressed:
With the exception of the Internet Explorer vulnerabilities, Microsoft does not know of any active attacks that try to exploit the vulnerabilities, which were all discovered by security researchers outside of the company.
Microsoft recommends that PC owners assess their exposure to the vulnerabilities and apply all applicable software patches as soon as possible, he said. If you are not using Microsoft's Automatic Update, you can check out all the patches here.
Aware of the burden placed on enterprise security managers, Microsoft also released an Enterprise Scanning Tool to help detect vulnerable computers and supplement the Microsoft Baseline Security Analyzer, according to information supplied by the company.
The company is also increasing the number of webcasts it holds to discuss deployment of the security updates, anticipating an increased need for help with the large patch release, Toulouse said.