Microsoft has released 16 patches to fix an unprecedented 49 vulnerabilities in its products, including Windows, Internet Explorer, MS-Office and Microsoft Word 2010. This comes on the same day that Oracle released patches for 81 vulnerabilities.
The disclosure of 130 vulnerabilities on the same day is like giving gold dust to the hacking community. The moment a vulnerability is disclosed, cyber criminals get to work developing exploit code to take advantage of the identified holes. With so many holes identified on the same day, businesses will be racing against time to fix them all.
Not only is this Microsoft’s largest patch load on record, but 23 of the vulnerabilities are rated at the most severe level on its exploitability index. Level one warns that exploit code could be crafted in such a way that an attacker could consistently exploit the vulnerability, so applying these fixes is urgent. The patch that computer users should pay particular attention to is the cumulative security update for Internet Explorer, MS10-071. If the flaws it fixes are exploited, users could hand over control of their computer systems simply by clicking on a specially crafted web page.
Also in the bag of patches is a fix for one of the three vulnerabilities exploited by the Stuxnet attack. MS10-073 addresses the Win32k Keyboard Layout Vulnerability, which hands over administrator rights on infected PCs.
The most challenging thing for businesses when patches are released is shutting the open doors to their computer systems before a hacker works out how to walk through them. But for big businesses the process isn’t as easy as clicking a button. Patches effectively change a network, and any change has the potential to knock over IT systems. Organisations need to test the patches against their specific network makeup before applying them, to ensure the patches don’t interrupt their business.