Majority of bugs reported responsibly, Microsoft adds
Microsoft is set to issue 17 patches this month, as it rounds out a record year for security bulletins.
This month, the 17 patches address 40 vulnerabilities, of which 17 are critical, bringing the total number of bulletins for the year to a record 106.
Mike Reavey, director of Microsoft's Security Research Centre, said the increase was partially due to the long life cycle of Microsoft's products. "Microsoft supports products for up to ten years," he said, in a post on the Microsoft security blog.
"Vulnerability research methodologies, on the other hand, change and improve constantly," he added. "Older products meeting newer attack methods, coupled with overall growth in the vulnerability marketplace, result in more vulnerability reports."
He noted that about 80% of the bugs are reported to Microsoft "cooperatively", rather than being publicly disclosed.
The 17 updates this month include Microsoft's final patch for the Stuxnet worm. Public exploit code is available for the flaw, which allows local elevation of privileges.
Microsoft is also fixing a critical vulnerability in Internet Explorer, but Reavey said the "total number of exploit attempts we monitored remained pretty low."