Microsoft issues nine patches for Windows, Office Web

patched computer

Microsoft has issued nine patches to cover 19 flaws in its products, fixing vulnerabilities in Windows and Office.

Five of the patches are rated critical in severity, while six are rated critical for their "exploitability" - which means hackers will have solid code to attack the flaw within the month.

One of the patches fixes a flaw in Office Web Components - which already has an active exploit "in the wild" - while the rest are for various versions of Windows.

In the Microsoft Security Response Center blog, security researcher Jerry Bryant highlighted a patch for the Active Template Library, which includes a binary level update for Microsoft Video ActiveX. "We encourage you to deploy this update as soon as possible," he said.

Ben Greenbaum, senior research manager, Symantec Security Response, agreed. "All of the ActiveX issues patched this month could be easy to exploit and can impact even the average computer user," he said.

"The potential danger is that many of these vulnerabilities can be exploited by simply getting a user to visit a Web page that contains malicious content," he added. "Through a drive by download, even simply viewing a legitimate site that has been compromised by an attacker can lead to user's machine being exploited via these vulnerabilities."

Microsoft also announced Extended Protection for Authentication for the Windows platform, a safer new way of authenticating network connections.

"This is a non-security update that enables new protection technology that can be used to enhance the protection of credentials when authenticating network connections," Bryant wrote.