Microsoft sets one-day patch record

Posted by Mike Luttrell

Year after year after year, Microsoft has consistently kept its software up-to-date and as safe as possible by releasing security fixes to users at the same time every month. But none of these updates has ever been as big as the one that was pushed out to Windows customers yesterday.

"Patch Tuesday" is the second Tuesday of every month and has become Microsoft's scheduled date for sending out security patches for all of its Windows products.  There could just be one vulnerability or there could be a whole bunch. Or, in the case of yesterday's update, it could have 40 issues to address.

The December 2010 Patch Tuesday release is officially the biggest ever Patch Tuesday for Microsoft. It patches 40 different security holes and 17 separate "bulletins," which is more than any update before.

However, only two vulnerabilities were labeled as "critical," Microsoft's highest threat level. The first one addresses a major glitch in Internet Explorer that made it possible for hackers to gain remote access to an infected user's computer. The second critical fix affected "font handling" and also could have led to someone gaining remote access into unsuspecting victims' PCs.

The remaining bulletins were all ranked "important," with the exception of a lone "moderate" bug. Many of these are technical fixes that most users wouldn't even notice. Even so, it looks like Microsoft has been busy over the past month.

It hasn't just been this month. There have been more security patches in all of 2010 than there have ever been before. A total of 106 bulletins were dispatched during the course of the year, surpassing 2008 in which only 78 bulletins had to be released. Total number of patches reached 261, a huge increase over the previous record year, which was 170 in 2009.