Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.
"This will be the most bulletins we have ever released in a month; we have released 13 bulletins on a couple of occasions," Angela Gunn, security response communications manager at Microsoft, wrote in a blog post. "However, in total CVE [common vulnerabilities and exposures] count, this release ties with June 2010, so there's no new record there."
Affected software includes: Windows 7; Windows XP; Vista; Windows Server 2003 and 2008; Windows Server 2008 release 2; IE 6, 7 and 8; Office XP Service Pack 3; Office 2003 Service Pack 3; 2007 Microsoft Office System Service Pack 2; Office 2004 and 2008 for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel and PowerPoint; 2007 File Formats Service Pack 2; Microsoft Works 9; and Silverlight 2 and 3.
The IE, Office, and Silverlight updates fix an increasingly used type of flaw "where attackers and malware go through the installed applications rather than through the core operating system," said Qualys CTO Wolfgang Kandek.
"Windows XP SP2 users do not have any patches supplied to them, even though the five critical vulnerabilities for XP SP3 most likely apply to their discontinued version of the OS as well," he said. "Windows XP SP2 users should upgrade to SP3 as quickly as possible."
Earlier this week, Microsoft released an emergency patch for a critical Windows vulnerability that was being exploited by a fast-spreading virus and other malware. The so-called "shortcut" vulnerability could be used by attackers to take control of a computer.