As I mentioned in an earlier post, one of the fastest ways for malicious hackers to exploit your system is to see what is being patched, write some code to exploit that vulnerability and lure unpatched browsers to a page with that code in it, often with a flock of spam emails that lead the unthinking and too-trusting user to it.

Microsoft on Tuesday issued eight security updates to fix 23 security holes in its software, 10 of which are rated critical. Attackers have already used six vulnerabilities and four have a proof of concept or attack plan published. via CIO Issues - Attackers Focused on 10 of 23 Patch Tuesday Holes.

This was the largest release of security patches since October 2008 and addresses issues in Windows, Internet Explorer, DirectX, Excel, Word and in the company's security software.

One of the four critical vulnerabilities that address issues with Internet Explorer is of particular concern, according to Ben Greenbaum, senior research manager for Symantec Security Response.

"... An attacker can simply lure a victim into viewing a Web page that contains malicious content and that individual's computer can then be taken over," Greenbaum said.

"This collection of Internet Explorer patches released today is a positive step, since the Web has become the primary conduit for attacks against end users. Many browser vulnerabilities, such as these announced by Microsoft, allow attackers to gain complete control over everything a user has permission to do on an exploited machine. You can imagine how dangerous this can be, especially if the user has administrator rights."

The takeaway, if you don't have automatic updates turned on, update manually right now, while you leave them unpatched you hold open the security window and if you are running your computer on a network, you may also be compromising your colleagues who have updated their machines.

Welcome back to Groupings blog. Now that you are a regular, please feel free to comment on any story that you feel comfortable with.