Microsoft has issued a record-breaking set of patches to address security flaws in the software giant’s products, including Windows, Office, Internet Explorer and Exchange.
Containing 17 security bulletins, the December update beats the previous-best October update of 16 bulletins, although fewer individual product vulnerabilities were addressed this time around.
Two of the bulletins are graded as ‘critical’, which means that exploits for the vulnerability are known to exist in the wild. One addresses versions of Internet Explorer older than version 8, while the other involves a weakness in the OpenType Font driver.
The font vulnerability is particularly nasty since it can allow malicious code to be executed merely by browsing a directory that contains an infected file. Curiously, only Windows Vista and Windows 7 are affected; older versions of Windows are unaffected, since the issue stems from the shell preview functionality included in the later versions of Windows.
Other updates include another fix for the vulnerabilities exploited by the sophisticated Stuxnet worm, while another addresses a flaw in Microsoft Office’s graphics filters, which is also considered serious since images embedded in web pages and email can exploit the flaw in order to gain access to the host computer.
40 vulnerabilities in all have been addressed in the mega patch. Microsoft also announced that it would be backporting the firm’s Office File Validation feature from Office 2010 into older versions, including Office 2007 and 2003, since the feature is considered highly useful in blocking malicious attacks via malformed Office file formats.