Microsoft on Tuesday issued nine security updates addressing 21 separate flaws in products such as Windows, Internet Explorer (IE), .NET, Silverlight, and SharePoint. Several of the fixes address critical flaws, including some that could aid in so-called drive-by attacks.
The fixes come as part of Microsoft's regularly scheduled Patch Tuesday event. And the software giant noted that it has now been providing these regular fixes, and the associated guidance, for a bit over 10 years.
"Today we released nine security bulletins," a blog post from the Microsoft Research and Defense team's Jonathan Ness reads. "Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important."
Two of the updates stand out.
Security bulletin MS12-010 addresses four critical vulnerabilities in Microsoft's web browser, Internet Explorer (IE), including some that could be used in drive-by attacks. None of the security flaws fixed by this update were previously revealed to the public, so no known attacks exist. That could change with the publication of the fix, however.
MS12-013 addresses a critical memory-corruption vulnerability in Windows and could also lead to drive-by attacks that launch Windows Media Player via a web browser. The possibility of this flaw being exploited is considered remote.
If you're interested in more information about these and the other flaws fixed by this month's Patch Tuesday, Microsoft as usual will host a webcast today, on Wednesday, at 11 am PST.
Separately, Microsoft looked back at 10 years of Patch Tuesday bulletins in a post to the Microsoft Security Response Center blog. (Microsoft refers to Patch Tuesday as Update Tuesday.)
"Update Tuesday, which brings us here today, is one of the most prominent results of that famous Bill Gates memo that put security at the center of Microsoft's development and support efforts just over 10 years ago," Microsoft's Angela Gunn writes in the post. "We Trustworthy Computing folks tend to look more to the future than to the past, but on the 10-year anniversary a few of us sat down to talk about incident response, the security ecosystem, and how Microsoft collaborates with the industry."
Links to those discussions can be found in the post, "MSRC looks back at ten years, and the February 2012 bulletins".