Microsoft posted a total of 74 bulletins in 2009 which patched 190 exploits in their operating systems and software. June was the biggest patch month, offering a total of 10 bulletins and 31 exploits patched, while January only had 1 bulletin posted which fixed 3 exploits.
Microsoft posted 44 critical bulletins, their highest security rating, and 27 important bulletins in 2009. 3 of the bulletins were marked as moderate and there were no low security bulletins posted. From the 74 bulletins posted in 2009, 132 exploits were labeled as critical, 53 important and 5 moderate.
Microsoft posted a total of 55 Remote Code Execution bulletins in 2009, 5 Denial of Service, 3 Spoofing, 10 Elevation of Privileges and 1 information disclosure. Those 74 security bulletins patched a total of 157 Remote Code Execution exploits, 7 Denial of Service, 7 Spoofing, 18 Elevation of Privileges and 1 information disclosure were patched.
Windows Server 2003 was labeled as the most insecure piece of Microsoft software, with a total of 34 exploits patched. Windows Server 2008 and Windows XP both received a total of 30 exploits, with Windows Vista and Windows 2000 following closely behind with a total of 26 exploits patched. Windows 7 only had 1 bulletin, patching 3 exploits in 2009.
Internet Explorer 6 had a total of 7 exploits patched in 2009, with IE5 and IE7 right behind with a total of 6. Internet Explorer 8 only had 4 exploits released in 2009.
Office 2003 had the most exploits patched in 2009 with 13. Office XP saw a total of 11 exploits patched with Office 2007 following behind with 10. Office 2000 had the least amount of patches with a total of 8 exploits patched.
Office 2004 and Office 2008 for Mac both had 6 exploits patched in 2009.