Network administrators were busy on Tuesday as Microsoft released its largest collection of security patches in more than a year.

The monthly security update includes 21 vulnerabilities in 12 updates, the most since February 2005, said Jonathan Bitle, product manager with Qualys.

The update is so large because hackers are exploiting “client side” weaknesses instead of automated services that run in an operating system. That type of attack relies on PC users’ tendency to open e-mail attachments and other files from unknown senders.

“It’s a who’s who of what applications are installed on an end-user PC, from Internet Explorer to PowerPoint to Word to Media Player,” Bitle said.

The risk is much greater than a virus sending e-mail to all the names in a user’s address book. Instead, 19 of the patches correct problems that allow “remote code executions,” the programmers’ term for a hacker’s program that can gain full control over a user’s PC.

With such control, a hacker could steal or corrupt data, or even use the host computer to launch additional attacks on other networks.

The sole consolation is that hackers cannot exploit most of those weaknesses unless a user opens an infected file, such as a PowerPoint slideshow, Word document or Media Player picture, said Amol Sarwate, manager of the vulnerability research lab at Qualys.

Still, system administrators must install all 21 patches, he warned.
“You can’t rely on end users not going to a malicious website or not opening an e-mail attachment.”

These client-side vulnerabilities also contain a host of lesser threats, said Oliver Friedrichs, director of Symantec Security Response.

A malicious website can easily install crimeware, spyware or adware on a visitor’s PC.

So, the Microsoft security update focuses on four main areas: the Internet Explorer Web browser, Outlook Express, PowerPoint and Windows Media Player.

Many of these vulnerabilities can execute without a user even opening the infected file, so Symantec recommended that IT administrators implement their top security practices, back up sensitive data and remind users to avoid opening unexpected e-mail attachments or following Web links from unknown sources. Likewise, consumers should run Windows Update and install all the latest security updates, and use security software, Symantec said.

Microsoft’s security bulletin can be found here.