Windows Debuts New 8.1 Operation System
Joe Raedle/Getty Images

Microsoft Issues a Flood of Security Fixes in Time for the Holidays

Dec 09, 2015

It's a tough week for Microsoft shops.

On Tuesday, the software giant released an even dozen security updates. The company deemed eight of those "critical," meaning that IT staffs are supposed to apply them immediately. All-in-all, the fixes addressed 71 issues—and that means a tough day (or two) at the office for Windows administrators.

To add insult to injury, one of the patches, for the Outlook 10 email client, has already been pulled, according to Infoworld. The reason? Instead of repairing the glitch it was supposed to fix, the patch actually caused an error to occur. Microsoft addressed that issue here.

Vulnerabilities deemed critical could allow code to execute on the user's machine without her knowledge and without warning. Not good.

One of the fixes that came out on Microsoft's monthly "Patch Tuesday," addresses a vulnerability in several versions of Windows server and desktop operating systems.

Other affected products include several versions of Microsoft Office, including Office 2010, and Internet Explorer as well as the company's new Edge browser.

Separately, Microsoft (msft) also acknowledged that an Xbox Live digital certificate was also inadvertently disclosed. This security certificate could be used to launch "man-in-the-middle" attacks, according to ThreatPost. Such attacks occur when the bad guy secretly inserts himself between two parties of a conversation and eavesdrops. He can also alter the conversation without their knowledge.

No such attacks have been discovered and Microsoft said it has invalidated the rogue certificate.

Bolstering the security of the software that runs many businesses is a tough gig. For software makers like Microsoft, which recently made a big splash about how it's improved its security posture, issuing too many patches can prompt howls of protest. But imagine if it did not post patches and a vulnerability caused serious damage?

Hard to win here.

For more from Barb, follow her on Twitter at @gigabarb, read her coverage at fortune.com/barb-darrow or subscribe via this RSS feed.

Make sure to subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions