Microsoft plans to ship 16 bulletins to patch 49 vulnerabilities across its product line, including Windows, Internet Explorer, Office and the .NET Framework.
The previous record number of patches was set in August, when Microsoft pushed out fixes for 34 flaws.
A quarter of the 16 patches are labeled "critical," while 10 carry a less severe "important" rating and two others are listed as "moderate."
There are a number of publicly known issues affecting Microsoft, namely two zero-day privilege-escalation vulnerabilities being leveraged by Stuxnet attackers. Stuxnet is a pernicious worm that has been used to attack critical infrastructure facilities, mainly in Iran, India and Indonesia.
It is also possible that some of the patches will address a new attack vector involving a class of vulnerabilities known as DLL preloading, which can be used to infect PCs when an application is tricked into loading a malicious library.
In addition, Microsoft last month began investigating a data-stealing vulnerability impacting its newest web browser, Internet Explorer 8.
But, as is typical, Microsoft did not name which bugs would be patched.
Some experts suggested that Microsoft tends to deliver large October releases because many industries are reluctant to make major system upgrades in November or December.
"The theory behind the larger October patch is that many industries go into 'lock-down' mode with their critical infrastructure as the end of year approaches," said Andrew Storms, director of security operations at nCircle, provider of vulnerability management solutions. "Finance and retail sectors in particular are extremely careful with changes in the latter part of the year given the heavy volume of online shopping."
See original article on scmagazineus.com