Microsoft plugs 22 security holes in Windows, Internet Explorer and MS Office

Microsoft has issued 12 security bulletins which address 22 vulnerabilities in its Windows products. Five of these vulnerabilities have been rated critical by Microsoft and businesses are advised to update their software accordingly.

Joshua Talbot, security intelligence manager, Symantec Security Response said Microsoft’s security updates plugs an exploit already being used in attacks in the wild.

“Among the six previously public vulnerabilities fixed, the Internet Explorer Cascading Style Sheet issue is the only one Symantec is seeing actively being used in attacks,”

“The attacks aren’t extremely widespread, but we did recently see a spike in activity. IT managers should patch this right away, especially those that have not implemented the temporary work-around released last month.”

“At least one of the other critical Internet Explorer vulnerabilities patched is also likely to be exploited.” Talbot added. “The uninitialized memory corruption vulnerability appears to be even easier to take advantage of than the Cascading Style Sheet flaw. So, if cybercriminals are able to reverse engineer the patch – and they will certainly try to – we’ll probably see exploits for that one, too.”

“It’s great to see so many vulnerabilities getting fixed, but months like this can be challenging for IT managers,” Talbot concluded.

“Considering Adobe is also releasing a security update today and a major Java release is expected from Oracle in the coming weeks, February is going to be busy. The key will be prioritizing. Patch all the ‘critical’ vulnerabilities first, and then move on from there.”

Businesses using Microsoft Windows software should seriously consider updating their systems to patch the security holes addressed in Microsoft’s update.

Information on Microsoft’s security bulletin for this batch of updates can be found here.

Related Stories