Microsoft patches 16 Windows vulnerabilities, including IE9 bug

Microsoft has issued nine patches to address 16 vulnerabilities, including an IE9 drive-by bug and a Windows zero-day attack, in a handful of Windows products.

Of the nine updates, the company has rated three as ‘critical,’ its most serious danger rating. The remaining six have been deemed ‘important.’ The patches apply to all Windows editions, Office for Windows 2003, 2007, and 2010, Office for Mac 2011, and IE9.

The surprise IE9 fix, which is among the ‘critical’ updates, comes in the form of a two-patch update. MS12-044 represents the first of what will apparently be a monthly IE9 update, rather than a bi-monthly update.

"We have...increased our Internet Explorer resources to the point where we will be able to release an update during any month instead of on our previous, bi-monthly cadence," wrote Yunsun Wee, a director in Microsoft's Trustworthy Computing group, in a blog post.

While some reports have suggested that the switch to more frequent updates indicates that IE9 is not as secure as Microsoft has previously boasted, others have pointed out that a mechanism to push patches out as soon as fixes are developed is more effective than having to wait for the next update cycle.

The other two ‘critical’ patches - MS12-043 and MS12-045, for XML core services and Microsoft Data Access Components, respectively - address issues related to drive-by attacks.

Microsoft’s security bulletins outline the various vulnerabilities addressed by each patch, and the company suggests users prioritise implementation if they are unable to install all of the updates immediately.