Microsoft release biggest update in 18 months
Today is a perfect storm of client-side issues,” said Amol Sarwate, manger of Qualys Inc.’s vulnerabilities research lab. “Most or all of Microsoft’s client-side applications are affected or patched.”
At least two of the vulnerabilities have already been exploited in the wild, Microsoft acknowledged. Those two, plus another pair, said one security researcher, should be considered “zero-day” bugs because technical details about the flaws had been circulating prior to today.
“It’s all about the count today,” Sarwate said. “This is the largest update in 2008, and the largest in the last 18 months. We have two that we know have been exploited and four zero-days.”
Even though today’s updates — 11 total bulletins, six of which were tagged as “critical,” Microsoft’s highest threat rating — set a 2008 record, Microsoft left one expected fix off the table. Last week, it said it would patch one or more critical flaws in Windows Media Player 11, the version bundled with Windows Vista.