Yesterday, Microsoft rolled out its regular “Patch Tuesday” release of security updates. This month’s update was huge: it included 12 bulletins addressing 57 security vulnerabilities.
Brian Prince with eWeek reported, “Microsoft released fixes for a whopping 57 security vulnerabilities as part of this month’s Patch Tuesday. The patches are tucked inside 12 different security bulletins, five of which have Microsoft’s highest security rating of ‘critical.’ The issues solved by the update span a number of products, including Microsoft Windows, Office, Internet Explorer (IE), Microsoft Exchange Server and the .NET Framework.”
Sean Michael Kerner with eSecurity Planet noted, “Once again, Microsoft is dealing with vulnerabilities in its Internet Explorer (IE) browser this month. Fourteen different vulnerabilities in IE, spread across two separate bulletins are being fixed. ‘It’s just so messed up that it couldn’t be fixed in one bulletin,’ said Marc Maiffret, CTO of BeyondTrust.
PCMag quoted Lumension security analyst Paul Henry who said, “It’s going to be a rough Valentine’s Day for many IT admins this month. With ongoing issues with Java and 12 bulletins from Microsoft, including 5 critical issues and many restarts, it’s going to be a very disruptive Patch Tuesday.”
And Gizmodo’s Leslie Horn observed, “Weird thing about this update? More than half of the bugs found in Microsoft products were reported by none other than Google engineers.” She added, “Bugs are probably found because engineers are researching other products, like Google Chrome’s PDF viewer. These guys also just might be genuinely interested in finding flaws. But Microsoft would probably like to see some of its own employees addressing the problems.”