Microsoft has released its last patches of 2009, with a fix securing Internet Explorer top of the list.
The Internet Explorer bulletin (MS09-072) was the only patch this month that carried a critical' severity rating with a maximum exploitability rating.
This was due to the exploit code for the Internet Explorer 6 and 7 flaw being available publicly, although it wasn't reliable.
Symantec senior research manager Ben Greenbaum said it had been a race between attackers to improve the reliability of the exploit and Microsoft to either get a patch out.
So far, the company hadn't seen the exploit improve its consistency or any evidence of successful attacks in the wild.
Matthew Walker, regional director for UK and Ireland at Lumension, said in a statement that MS09-072 potentially had the biggest impact.
He said the patch affected all IT environments running Internet Explorer 6,7 and 8, and specifically impacted Windows 7, Vista and XP, which all required a restart.
"This, combined with updates issued by Apple for Java for OSX and Adobe for Flash Player and AIR, make this month particularly important for IT departments to shore-up patches and protect against web-borne malware threats."
There were two critical vulnerabilities affecting Windows, with one bulletin affecting Windows Server 2008 and also requiring a restart.
Walker said: "Although Microsoft's exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission critical applications, this update has the potential to be severely disruptive to business operations."
In total, there were six security bulletins addressing 12 vulnerabilities.
Adobe also released critical security updates for Flash Player and AIR, that came very soon after a zero-day flaw was discovered on Illustrator CS3 and CS4.
"Though both of Adobe's updates are critical, the Flash Player update should be applied immediately by all users," said Greenbaum. "Flash is used so commonly that it should definitely be a high priority."
-
CIOs and CTOs are making high-stakes decisions with incomplete informationNews Architecture, governance, and investment decisions control how fast organizations can move, what risks they can handle, and which opportunities are viable
-
Nvidia touts its contribution to UK sovereign AI plansNews The latest deal sees Nebius expanding capacity in the UK with three new deployments
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Ask more from your CMSWhitepaper How to get the most value in the shortest timespan
-
Adobe battles fake photos with editing tagsNews Photoshop will include new tagging tools later this year to help fight against misinformation and deep fakes
-
Adobe Photoshop Elements 2019 review: Trapped in the photo-editing middle groundReviews A once peerless beginner’s photo-editing package that’s past its prime
