Four of the bulletins are rated "critical," 10 are rated "important," and two are rated "moderate."
Microsoft is advising customers to focus on the four critical bulletins first. These are: MS10-071, which addresses 10 Internet Explorer vulnerabilities; MS10-076, which addresses an OpenType Font Engine flaw in Windows; MS10-077, which fixes a .NET Framework vulnerability; and MS10-075, which resolves a flaw in Windows Media Player.
The release sets a new record for the company, only two months after a record-setting month in August. Microsoft's August patch -- 14 bulletins addressing 34 vulnerabilities -- broke a record set in October 2009.
Microsoft, however, is not alone in releasing large patches this month: Oracle's quarterly security update includes fixes for 85 vulnerabilities.
Wolfgang Kandek, CTO of Qualys, notes in a blog post that MS10-071, addressing Internet Explorer flaws, is the most important patch.
"It is a critical update for Internet Explorer 6, 7 and 8 and has an exploitability index of 1 indicating that Microsoft believes the [vulnerabilities are] relatively easy to exploit," he said. "MS10-076 comes in as a close second in our ranking. It is a critical vulnerability in the way Windows handles fonts and can be triggered by a simple malicious Web page without interaction from the user, making it a good candidate for a 'drive-by' infection campaign."
Joshua Talbot, security intelligence manager at Symantec Security Response, observed in an e-mailed statement that 35 of the 49 vulnerabilities could allow remote code execution and that one of the two remaining zero-day vulnerabilities used by the Stuxnet worm has been fixed. MS10-073 fixes a flaw that allowed Stuxnet to bypass permission controls.