UPDATE 1-Microsoft issues its biggest-ever security fix
Tue Oct 12, 2010 5:36pm EDT
* Microsoft addresses record 49 flaws in its software
* Affects Windows, Internet Explorer, Office
* Fixes vulnerability exploited by Stuxnet virus (Adds details on Stuxnet virus, comments from researcher)
By Jim Finkle
BOSTON, Oct 12 (Reuters) - Microsoft Corp (MSFT.O) issued its biggest-ever security fix on Tuesday, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.
The new patches aim to fix a number of vulnerabilities including the notorious Stuxnet virus that attacked an Iranian nuclear power plant and other industrial control systems around the world.
Microsoft said four of the new patches -- software updates that write over glitches -- were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.
Microsoft said it also repaired other less serious security weaknesses in Windows, along with security problems in its widely used Office software for PCs and Microsoft Server software for business computers.
Microsoft released 16 security patches to address 49 problems in its products, many of which were discovered by outside researchers who seek out such vulnerabilities to win cash bounties as well as notoriety for their technical prowess.
"This is a huge jump," said Amol Sarwate, a research manager with computer security provider Qualys Inc. "I think the reason for it is that more and more people are out there looking for vulnerabilities."
The geeks who report such vulnerabilities to software makers are known as "white hat" hackers. Sarwate warned that there are also plenty of "black hats," or criminal hackers who look for vulnerabilities in software that they can exploit to launch attacks on computer systems.