On Tuesday, 20 vulnerabilities were patched by Microsoft Corp. and more than half of them were categorized as critical, in 11 separate security updates for Windows, Office, Internet Explorer (IE), Active Directory and the Host Integration Server.

Additionally for the very first time, it was assumed by the company that hackers would be able to come up with exploits for each bug.

According to Andrew Storms, director of security operations at Circle Network Security Inc, “Eleven of the 20 flaws were rated critical, the top ranking in Microsoft's four-level threat scoring system, while eight were pegged as important, the next step down, and one was listed as only moderate.”

Storms further informed about the two general themes in the latest round of patches, “First, there's still a pervasiveness of client application updates that doesn't seem to be diminishing at all, and second, Microsoft's newer software is still less vulnerable than its older.”

Updates, which addressed three critical vulnerabilities in Excel and six critical bugs in IE, were ticked off by Storms on the first point. He listed several security bulletins that labeled Windows 2000 or older editions of Office as susceptible. However the new versions of its operating system or applications were either given a pass by him or labeled with lower threat for users.  

Storms reported, “Today's patches really continue to hammer the idea that the newer [Microsoft] software is more secure. If there was ever a reason to update to newer software, this is it. There's no reason not to update, for example, to IE7.”

Other than this, two more updates were brought forward by Storms, as he thought that these should also get some serious attention and particularly by enterprise IT professionals. The first one was spelled out in MS08-060 that has affects on Active Directory and the second one was MS08-059 that affects Host Integration Server (HIS), which basically connects Windows-based networks to IBM mainframe and AS/400 systems. Both of them were labeled as critical by Microsoft.