Microsoft today urged customers to apply fixes for holes in Internet Explorer, including one being exploited in attacks, and for vulnerabilities in Windows Server Message Block (SMB) client and server software as part of a whopping Patch Tuesday.

The company released 17 bulletins resolving 64 vulnerabilities, nine of them rated "critical" and eight rated "important." However, 30 of the vulnerabilities are addressed by one bulletin, a kernel update that is rated "important," that was discovered by one researcher.

First priority is MS11-018, a cumulative security update for IE that is rated critical for IE6, IE7 and IE8 on Windows clients, but does not affect IE9. The company is aware of limited, targeted attacks against one of the holes, Jerry Bryant, group manager for response communications at Microsoft's Trustworthy Computing Group, told CNET. The bulletin also addresses problems uncovered in the Pwn2Own contest at CanSecWest last month.

More: http://news.cnet.com/8301-27080_3-20053212-245.html