It’s shaping up to be a busy Patch Tuesday for Microsoft, security professionals and administrators. The release of a dozen patches today, six marked critical, includes fixes to two zero-day vulnerabilities that have been haunting the software giant for the past few weeks.
One of the critical fixes blocks a zero-day bug in Internet Explorer’s (IE) support for “cascading style sheets” (CSS) that emerged earlier this year. In order to trigger an attack, all a user would need to do is view a poisoned Web page. The fix for the CSS hole, and two others also rated critical, is delivered as part of a cumulative update to IE. In fact, Microsoft said the holes impact most versions of Windows and IE.
One security researcher was taken aback by the amount of effort that will be required to roll out the CSS patch because it requires that all systems be rebooted after installation. How many would that be? His best guess is somewhere in the range of a whopping 900 million PCs.
Security analyst Paul Henry at Lumension said the need to reboot could cripple certain applications. Read all about it in eSecurity Planet.