Microsoft today said it will issue 12 security updates next week, including two for Internet Explorer (IE), that will patch a near-record 57 vulnerabilities in the browser, Windows, Office and the enterprise-critical Exchange Server email software.

"These are some serious numbers," said Andrew Storms, director of security operations at nCircle, referring to the 57 bugs Microsoft plans to quash Feb. 12.

And they're nearly a record, coming close to the all-time Patch Tuesday tally of 64 flaws, all patched with fixes in April 2011.

Five of the 12 updates will be pegged as "critical," Microsoft's highest threat rating, while the remainder will be labeled "important," the next step below critical.

Two of the five critical updates will address vulnerabilities in Windows XP Service Pack 3 (SP3) and Windows Vista. Among the important updates, five will affect Windows 7, four Windows 8, and three each for XP SP3 and Windows RT. The latter is the limited-functionality edition designed for tablets, and the one that powers Microsoft's own Surface RT tablet.

But what caught Storms' eye were the two separate updates for IE, both tagged as critical, that will patch IE6, IE7, IE8, IE9 and the latest browser, IE10.

"This is the first time I've seen them do this," said Storms of the one-two punch. "Unless there's been an 'out-of-band' update for IE, they've never released more than one update [for the browser] in a month."

Computerworld