Microsoft on Tuesday in the US released 10 patches for its software, but it failed to issue a planned critical Windows patch because of quality problems.
The software giant had said last week to expect 11 patches. However, a representative for the software maker said on Tuesday that the critical Windows patch "did not meet the quality bar" and so was not released.
Tuesday's 10 security bulletins, which include six critical fixes for both Office and Windows, are designed to fix more than two dozen flaws in Microsoft's software -- the largest bunch so far this year, said one security company.
"Although there are only 10 patches, they address 26 vulnerabilities, and it's the largest release for Microsoft this year," said Jonathan Bitle, manager of technical accounts at Qualys.
"This could be overwhelming for IT managers because they'll have to navigate what to patch and which to patch first."
The second-largest release was in August, when Microsoft's 12 patches put right 23 flaws.
Antivirus company Symantec said the updates include patches for Office flaws for which exploit code already existed, including an Excel vulnerability that surfaced in July and a Word exploit that emerged last month.
"The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus, and users should consider the installation of these patches to be a critical component of a smart security strategy," Symantec Security Response director Oliver Friedrichs said in a statement.
IT administrators may want to work particularly quickly in deploying three of the patches -- MS06-057, MS06-058 and MS06-060 -- Qualys' Bitle said.
Leave a comment