Microsoft's latest "Patch Tuesday" set a new all-time high for the number of updates. Nine of these were critical, and in total there were twenty flaws patched in Windows and three in Office. Out of all of these, eleven were publicly known or exploited before Microsoft provided fixes for them.
Of specific interest is a remotely exploitable vulnerability in Windows, which Microsoft reports is already being used in attacks on PCs. The problem lies in a Windows service that provides support for networking features such as file sharing and printer sharing, the company said in security bulletin MS06-040.
The flaw that was fixed in MS06-040 could enable an anonymous attacker to remotely commandeer a Windows PC without any user interaction.
So far in 2006, Microsoft has issued more patches than in 2004 and 2005 combined. Some have speculated that right now is a prime opportunity for hackers to exploit the backlog of unprotected vulnerabilities. Indeed, according to Alan Bentley, managing director, EMEA, of patch management specialist Patchlink, between the backlog of unpatched issues and the chances of new vulnerabilities being discovered in adjacent areas, "Exploit Wednesday" may soon be on the horizon!