It's that time of the month again, time for Microsoft to go about plugging holes in its many software applications.
Yesterday's Patch Tuesday inaugurated seven fixes for 11 vulnerabilities, including a last-minute patch for two zero-day flaws in Windows Media Player. As expected, the updates did not include fixes for the two zero-day flaws found in Microsoft Office last week.
The update also includes a patch for a flawed WMI Object Broker ActiveX control in Visual Studio 2005.
Security analysts have noticed a trend of hackers executing zero-day exploits shortly before Patch Tuesday so that there's no time for Microsoft to include a fix in the patch.
The so-called surprise fix takes care of a problem with the way Media Player handles the ASX file format. Hackers could create “malformed” ASX files that would end up in remote code execution.
Six vulnerabilities in Internet Explorer that were previously undetected in the wild have also been patched. Symantec warns that a bug in script handling could allow for “complete system compromise” at the hands of an attacker.
Overall, three of the patches have been rated Critical, and the rest Important.