Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Microsoft Issues a Flood of Security Fixes in Time for the Holidays

December 9, 2015, 6:19 PM UTC
MIAMI, FL - OCTOBER 17: A Microsoft sign is seen as the new Windows 8.1 operating system is released at a Microsoft store in the Dadeland Mall October 17, 2013 in Miami, Florida. The update was released a year after Windows 8 was released and includes fixes to some of the problems people experienced with the initial release. (Photo by Joe Raedle/Getty Images)
Joe Raedle/Getty Images

It’s a tough week for Microsoft shops.

On Tuesday, the software giant released an even dozen security updates. The company deemed eight of those “critical,” meaning that IT staffs are supposed to apply them immediately. All-in-all, the fixes addressed 71 issues—and that means a tough day (or two) at the office for Windows administrators.

To add insult to injury, one of the patches, for the Outlook 10 email client, has already been pulled, according to Infoworld. The reason? Instead of repairing the glitch it was supposed to fix, the patch actually caused an error to occur. Microsoft addressed that issue here.

Vulnerabilities deemed critical could allow code to execute on the user’s machine without her knowledge and without warning. Not good.

One of the fixes that came out on Microsoft’s monthly “Patch Tuesday,” addresses a vulnerability in several versions of Windows server and desktop operating systems.

Other affected products include several versions of Microsoft Office, including Office 2010, and Internet Explorer as well as the company’s new Edge browser.

Separately, Microsoft (MSFT) also acknowledged that an Xbox Live digital certificate was also inadvertently disclosed. This security certificate could be used to launch “man-in-the-middle” attacks, according to ThreatPost. Such attacks occur when the bad guy secretly inserts himself between two parties of a conversation and eavesdrops. He can also alter the conversation without their knowledge.

No such attacks have been discovered and Microsoft said it has invalidated the rogue certificate.

Bolstering the security of the software that runs many businesses is a tough gig. For software makers like Microsoft, which recently made a big splash about how it’s improved its security posture, issuing too many patches can prompt howls of protest. But imagine if it did not post patches and a vulnerability caused serious damage?

Hard to win here.

For more from Barb, follow her on Twitter at @gigabarb, read her coverage at or subscribe via this RSS feed.

Make sure to subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.