Computerworld - Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."
Of Tuesday's 13 updates, called "bulletins" by Microsoft, two were labeled "critical" -- the most-serious rating in the company's four-step score -- nine were marked "important," the next-most-dangerous category, and two were pegged as "moderate."
Three of the 22 individual vulnerabilities patched today in the baker's dozen of bulletins were rated critical. The remainder were split -- 15 and four, respectively -- between important and moderate.
Researchers today called out MS11-057, which patches seven flaws in Internet Explorer (IE), as the most important to patch pronto.
"This is the anticipated IE update, about what we expected," said Andrew Storms, director of security operations at nCircle Security, referring to Microsoft's habit of updating its browser every two months. "The most important thing here is that it affects IE9."
Today's IE update was the second to patch critical vulnerabilities in IE9 on Vista and Windows 7. Microsoft first fixed a critical IE9 bug in June.
"MS11-057 affects all Windows versions, and all it takes is a malicious [Web] page to take control of a PC," echoed Wolfgang Kandek, chief technology officer for Qualys. "It's a no-brainer to put this at the top of the list."
Read more - Computerworld