Microsoft Windows and Office Plugs 26 Vulnerabilities With 13 Patches In Record Update

Microsoft released patches for 26 recently-discovered security holes affecting users of Windows and Office. It is urging companies, in particular,  to prioritize patching certain vulnerabilities  that are likely to precipitate active cyberattacks within the next 30 days.

The most worrisome security holes are easy for cybercriminals to exploit. Bad guys routinely reverse engineer Microsoft's patches and quickly create and spread malicious programs designed to seek out and take of control of PCs that aren't current on patching, security experts say.

Microsoft  normally issues security updates on the second Tuesday of each month, known as Patch Tuesday. Most home PC users get security updates automatically, via Windows auto update. Home users just need to follow prompts to restart their PCs, once the patches are downloaded to their harddrives.

Andrew Storms, director of security operations at nCircle, says MS10-013, a Microsoft media player flaw, is the most dangerous vulnerability. "The nature of the exploit lends itself to drive-by attacks that leave unsuspecting victims infected," he said in an e-mailed statement. "Since media is what excites people most on the Internet today, an exploit of this bug would make it extremely easy to entice users to watch videos that are actually gateways to malware."

However, corporations typically take weeks to test security updates and install them company wide. "While everyone has been focused on the volume of updates today, it should be noted that there are 12 vulnerabilities with Microsoft's highest exploitability rating," says  Sheldon Malm,  senior director of security at vulnerability management firm Rapid 7. "This certainly raises the bar for customers to plan, test, and rollout these updates more quickly than usual."

Source: informationweek/USATODAY