Microsoft has issued six security bulletins that address 12 vulnerabilities, seven of which Microsoft has rated as critical.
All five critical updates affecting Internet Explorer, including ones for Internet Explorer 8 and a recently made public vulnerability in versions 6 and 7, fix issues that could be used in drive-by download attacks.
“Proof-of-concept exploit code was released for the object memory corruption vulnerability late last month, but it wasn’t reliable,” says Ben Greenbaum, senior research manager at Symantec Security Response.
“It’s been a race since between Microsoft and attackers to either get a patch out or improve the exploit’s reliability. As it turns out, Symantec has yet to see neither the exploit’s consistency increased significantly nor any successful attacks using it in the wild.”
Adobe has also released critical security updates affecting Flash Player and AIR. This comes on the heels of a zero-day vulnerability affecting Illustrator CS3 and CS4 coming to light late last week.
“Though both of Adobe’s updates are critical, the Flash Player update should be applied immediately by all users,” Greenbaum says. “Flash is used so commonly that it should definitely be a high priority.”