Yesterday Microsoft patched 19 vulnerabilities; among them are the DNS-RPC vulnerability that was exploited by botnets in April and the Word vulnerability that was first disclosed on this blog. One of the new vulnerabilities, the Exchange MIME decoding vulnerability, can be remotely exploited without user interaction and should get high priority if you are running Microsoft Exchange.

When creating the graphs below I realized that I wasn’t even a tiny bit surprised by the high number of patched vulnerabilities. Time will tell if we will return to the days when the number of monthly patches was in the single digits. For now, I seem to be used to the high number of patches on Patch-Tuesday probably helped by similar large patch releases by Oracle, Apple and other vendors.