Microsoft to Release Mother of All Security Updates

Microsoft has announced that Tuesday's security update will include patches for a record-breaking 64 security problems. They include fixes for a number of particularly high profile problems announced in the past couple of months.

The update will be made up of 17 bulletins. That ties for the record, though this will be a new highest figure for the number of individual fixes.

One of the bugs that's being fixed involved a bug in the Windows Server Message Block ("SMB"), the system that controls networking and file-sharing. The bug was disclosed in February and could theoretically have been used to gain unauthorized remote access to a computer.

At the time, Microsoft said it was unlikely this could be practically exploited, a forecast that has thankfully proven correct. (Source: technet.com)

Web Page Bug a Tool For Hackers

The same can't be said of a bug involving MHTML, or "MIME Hypertext Markup Language", a format for combining all the elements of a web page into a single file.

While the bug, announced in January, initially appeared too complex to be exploited, it later emerged that hackers were using it in politically motivated attacks on specific websites. Microsoft has already issued a stopgap Fix It tool (which users had to manually download), but this update is designed to be a permanent solution, hence its rollout to all users.

Windows XP Through Windows 7 Affected

The security issues are widespread and affect Windows XP through Windows 7. Of the 12 bulletins that deal with issues in desktop editions of Windows itself, 10 affect Windows 7, 11 affect Vista and all 12 affect Windows XP.

As for what the record number of updates signifies, that's more open to debate.

While it's true that Microsoft has intentionally released all but the most urgent fixes for Internet Explorer in batches every second month, the fact remains that Internet Explorer is almost inherently the primary target for attacks by hackers due to the number of people using it online. (Source: computerworld.com)

Another explanation is that more problems are coming to light now that Microsoft is more flexible about the way it deals with independent security researchers.

At one point it demanded researchers keep details of bug discoveries completely silent. Today it is more likely to simply request that it be given time to begin working on a fix before hackers hear about the bug and begin trying to exploit it.