The Members Forum

Microsoft on Tuesday warned customers that a record number of just-patched bugs will probably be exploited in the next 30 days.

Of the 35 vulnerabilities that Microsoft has patched this month, it assigned 32 an exploitability rating, a score that quantifies the company's take on whether reliable attack code will appear. Of the 32 bugs, a record 18 were pegged with a rating of "1," which in Microsoft's methodology means it anticipates reliable exploit code in the coming month.

Microsoft also assigned nine of Tuesday's 14 security updates the same "1" exploitability rating.

Engineers with the Microsoft Security Response Center (MSRC) published a table Tuesday that spelled out their take on exploit likelihood. According to the MSRC, exploit code for five of the eight security updates labeled "critical" and four of the six pegged as "important" will probably pop up in the next 30 days.

Microsoft also expects that exploit proof-of-concept code -- demonstration exploits that often need work before they're reliable enough to use in the wild -- will be released for the remaining pair of important updates.

According to Andrew Storms, director of security operations at nCircle Security, August's exploitability index count is a record, beating June 2010's 17 vulnerabilities with an index rating of "1."

Storms' data showed that February and March 2010 each boasted 12 bugs with an exploitability index of "1," while June 2009 featured 14.

Computerworld has the details HERE!