Microsoft Breaks Patch Records

"2006 already is a record year," said Jonathan Bitle, product manager with security company Qualys. "It's great that we're finding them prior to large-scale attacks, but at the same time it's a concern about the quality of [Microsoft's] code."

Thus far this year, there have been 51 security bulletins and 98 patches, 64 of which were deemed critical.

McAfee also noted the large number of critical patches released this year. In a blog entry, McAfee's Monty Ijzerman posted graphs that showed the rapid climb of critical fixes in 2006. However, "the number of important vulnerabilities has not changed," Ijzerman wrote.

Microsoft has released repairs for 64 critical vulnerabilities in 2006, with two-thirds of them --41 total -- coming in just the last three months. That tally easily exceeds that of either 2004 or 2005, and only narrowly misses matching the 2004-2005 total of 65.

The year's critical count is 72 percent higher than 2005, when Microsoft issued just 37 critical patches, and more than double 2004's 28 fixes.

And no end is in sight. "I think we'll see another large release from Microsoft next month. Last month was the browser-based vulnerability month, but in Tuesday's MS06-042 bulletin, there were only 8 IE patches," Bitle said. "Expect more in September."