Microsoft has plans for a gigantic Patch Tuesday next week, when it will plug 40 security vulnerabilities across a number of products, including critical bugs impacting Internet Explorer and Microsoft Windows.
The bugs will be squashed by a total of 17 security bulletins, two of which are rated "critical." One of the two critical bulletins affects Internet Explorer (IE) versions 6, 7 and 8, while the other bulletin impacts Windows XP, Vista and Windows 7, as well as Windows Server 2003 and 2008.
Microsoft first warned about the critical IE bug last month. According to the company, the vulnerability exists due to an invalid flag reference in the browser that can be accessed after an object is deleted. The bug has been under attack, prompting Microsoft to release an advisory with a handful of workarounds.
Of the remaining bulletins, 14 are rated "moderate," and the final bulletin is rated "Important." Included in the mix this month is a patch for a local privilege escalation vulnerability used by the notorious Stuxnet worm, closing the last zero-day used by the malware.
For more, read the eWeek article: Microsoft Patch Tuesday to End Year with Massive Update.