Microsoft Patches Six Critical Flaws

Microsoft on Tuesday released nine patches for 21 software vulnerabilities, with the most serious affecting Windows, Internet Explorer and the Silverlight media player.

Of the nine collections of patches, which Microsoft calls security bulletins, four fixed a total of six critical flaws. The IE and Silverlight patches should be installed as soon as possible, because the flaws they fix could be exploited by code downloaded while visiting a malicious Web site, security experts said.

While the IE flaws were not publicly known, hackers were now expected to target them.

"Consumers and businesses alike should immediately install these patches," Kurt Baumgartner, senior security researcher for Kaspersky Lab, said in the company's blog.

In general, Web browsers and media players have become a prime target of hackers.

"Regardless of announced vulnerabilities, organizations should enforce policy and processes that reduce risk related to browser and media player exploits," Marcus Carey, security researcher at vendor Rapid7, said in an e-mail.

Five bulletins addressed vulnerabilities rated as "important" by Microsoft. Among those flaws, Carey advised IT staff to give priority to a patch for Visio, a diagramming program for Windows. "Visio is usually used by system administrators and network administrators, which could be very rewarding for an attacker if they were able to compromise Visio users," he said.

Overall, Microsoft's monthly Patch Tuesday, which falls on the second Tuesday of each month, was considered light by security experts. Some pointed out that the number of patches, called security bulletins by Microsoft, has fallen year over year.

"IT continues to benefit from Microsoft’s security initiatives in 2012 with comparatively lower numbers year on year," Paul Henry, security and forensic analyst at Scottsdale, Ariz.-based business security vendor Lumension, said in an e-mail.