Hackers will quickly jump on one of the 15 vulnerabilities Microsoft patched Tuesday to build attack code that infects Internet Explorer users, security researchers agreed today.

The bug, which Microsoft patched as part of a record-tying security update for the month of November, is in the Windows kernel, the heart of the operating system. The kernel improperly parses Embedded OpenType (EOT) fonts, a compact font format designed for use on Web pages that can also be used in Microsoft Word and PowerPoint documents.

Microsoft rated the flaw as "critical," its highest threat rating, and gave the bug an exploitability ranking of "1," which means it expects a working exploit to appear in the next 30 days.

Outside researchers expect it much sooner than that.

"An exploit will appear sooner rather than later," said Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. "The target is Internet Explorer, and browsing is the number one attack vector in the world right now. Users can be infected simply by browsing to a [malicious] site."

Full story: Computerworld