Microsoft issues slew of critical security patches


On the whole, the December crop of patches is more heavily focused on user machines -- laptops and desktops -- then it is on the server side.

"For those that manage desktops it is a busy month," says Eric Schultze, CTO of Shavlik Technologies.

The crop of vulnerabilities also included another flaw in GDI, a component of Windows responsible for representing graphical objects.

"The exploit vector is very high," says Amol Sarwate, manager of the vulnerabilities research lab at Qualys. "You just have to view an image on a malicious Web page. And since it is in the OS, all Windows machines are affected by default."

Sarwate says MS08-070 also is of interest to corporate users because part of the attack vector can be delivered via DLLs that are used by third-party applications.