Microsoft Tuesday patched 34 vulnerabilities in Windows, Internet Explorer (IE), Office and other software, 15 of them labeled “critical” by the company.
The large number of updates — as well as the fact that Microsoft issued them two hours later than usual — will put pressure on enterprise administrators, one expert said.
“No doubt IT administrators will have to pick and choose where to act first,” said Wolfgang Kandek, chief technology officer for Qualys.
Of the 16 updates, which Microsoft calls bulletins, nine were pegged critical, the most-serious rating in the company’s four-step scoring system, while the remaining seven were tagged “important,” the next-most-dangerous category.
While the number of bugs patched today was significantly less than the record 64 Microsoft fixed in April, it was the second-highest total for the year. The 16 bulletins were just one off the record, also set last April.
Fifteen of the 34 total vulnerabilities were rated critical, 17 were ranked important, and two were marked as “moderate.”
Microsoft picked four of the 16 updates to highlight, and urged customers to roll out the quartet as soon as possible.
“Our top priorities are MS11-050, MS11-052, MS11-043 and MS11-042,” Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), said in an interview earlier today. Bryant listed the four in the order of priority.
Among the deploy-immediately bulletins, MS11-050 offered 11 patches for IE that Microsoft and independent experts pinned to the top of their lists.
“This one is at the top of the list, as it always is when Microsoft patches IE,” said Andrew Storms, director of security operations for nCircle Security. “But it’s also the first IE9 update, and certainly does look to be true that Microsoft had this bug at the time it launched IE9, or a few days later.”
Browse our selection of new, free, tablet-friendly digital editions!