Microsoft on Tuesday released its final eight patches of 2008, which address 28 vulnerabilities including a critical flaw in the new search component in Vista and Windows Server 2008.
Six of the eight were listed as "critical" and the final two were rated "important." The final total of patches for the year was 77.
One of the important patches, MS08-076, targets a set of vulnerabilities that when taken together can add up to a critical flaw, according to information Microsoft provided to antimalware vendors. Microsoft, however, does not base its ratings on combinations, just on the individual flaws.
The vulnerability is similar to last month's release of MS08-068, which allowed a hacker to steal a password and use it to log on to a user's machine and gain control of the PC. That flaw was nearly 7-years-old before Microsoft patched it.
The Vista and Windows Server 2008 vulnerabilities detailed in MS08-075 stand out because the affected search component was developed from scratch for those platforms under Microsoft's new edict to develop secure code. Experts, however, say the threat of exploit appears to be low.
"It shows that even in the newer code that is highly scrutinized by the security teams at Microsoft and where developers are being held to secure coding standards you can still have problems," says Wolfgang Kandek, CTO of Qualys.
On the whole, the December crop of patches is more heavily focused on user machines - laptops and desktops - then it is on the server side.
"For those that manage desktops it is a busy month," says Eric Schultze, CTO of Shavlik Technologies.