Microsoft issues patches for a record 49 security holes

If your Network Security is in question, this article might motivate you to take action. Orange County Computer^® is here to help.

Article written by USA Today’s Brian Acohido, October 13, 2010

Be nice to the tech folks who keep your company’s computers safe.

Microsoft Tuesday issued its largest ever batch of security patches — essential fixes for a record 49 security holes. What’s more, Oracle this week published its quarterly security update pushing out patches for 81 vulnerabilities in a wide array of Oracle and Sun Microsystems software. (Oracle recently acquired Sun.)

“It’s yet another record ‘Patch Tuesday’ for Microsoft, with updates spanning across products,” said James Walter, manager of the McAfee Threat Intelligence Service. “The volume is indicative of a trend where we’re seeing among various software vendors. As the awareness of vulnerabilities increases, the number of patches get bigger as well.”

But that’s not all. Apple also recently released a security patch for a file-sharing issue in OS X, which could allow a remote hacker to take control of your Mac. Adobe last week pushed out critical patches for 23 vulnerabilities in Adobe Reader and Adobe Acrobat for Windows, Mac and Linux.

“There’s no rest for the weary,” says Paul Henry, cybersecurity firm Lumension’s forensics and security analyst. “Patching this many total vulnerabilities is scary indeed and, if not managed correctly, they will certainly have a massive impact on corporate productivity.”

Security experts predict workday interruptions as these patches are tested and installed. “These updates will require a restart, shutting down computer systems for a period of time,” says Henry. “In some instances, this can take up to 20 minutes.”

Many of the Microsoft patches are for older versions of Office and Internet Explorer Web browser, including critical updates for Internet Explorer 6, 7 and 8, that are “relatively easy to exploit,” says Wolfgang Kandek, CTO of patch management firm Qualys.

Some 24 vulnerabilities are patched in older versions of Office, so “users should apply both updates as quickly as possible,” says Kandek. “Even the new Word 2010 is affected by two of the vulnerabilities. This shows that achieving a bug-free record is near-impossible.”

Why is Microsoft still finding and patching so many security holes?

Much of it has to do with the software giant’s continued aggressive approach to finding holes before cybercriminals do. “Microsoft is working closer than ever with security researchers,” says Jason Miller, data and security team leader at Shavlik Technologies. “By working with researchers, Microsoft is closing the gap on the time to release fixes for vulnerabilities found. This is a key factor that a lot of people have been asking for, so we shouldn’t be too surprised that we are seeing an uptick in security bulletins.”