Microsoft has released 8 updates on Tuesday, 6 of them being labeled as “critical”. It seems that there is an issue with one of them (MS08-070) which affects Visual Basic 6.0’s runtime. Also, Visual Studio, FoxPro and FrontPage are still prone to buffer overflow (a vulnerability dating from April) because this month’s patch didn’t manage to address this issue.

There is also a cumulative fix for Internet Explorer but it seems that the patch doesn’t remove one of the browser’s vulnerability of mounting drive-by download attacks. Flaws in SharePoint Server and several bugs in Windows Media Player are also fixed in the security patch. One of the updates addresses security issues of Microsoft Office and Outlook, thus adding up to a total of 28 vulnerabilities of Microsoft’s software.

Representatives of antivirus and internet security companies state that these updates are crucial for the end users. Even though some of them will require several updates, users are recommended to update their systems as quickly as possible. Yet, the hassle pays off, as director of security at nCircle, Andrew Storms thinks that these critical updates will force hackers to ”celebrate the holiday season in their attack strategies."

As an irony, prior to this update, a new vulnerability of Internet Explorer was discovered this week. The “KnowSec” blog from China reported that the vulnerability issue still exists, even after fully deploying the new patches from Microsoft. This last cumulative patch of this year sums up the number of security patches released by Microsoft to 77, which is close to 69 patches released last year and shyly approaches the 100 security fixes released in 2000.