Thursday, April 7, 2011

Microsoft releases 64 fixes on April's bumper Patch Tuesday

Microsoft's patching is going from one extreme to the other. While March had just three bulletins fixing four vulnerabilities, next week 17 bulletins are being issued, fixing 64 different vulnerabilities. This ties with December 2010 as the most bulletins, and takes the clear lead for the number of flaws fixed.

Nine bulletins are critical, with all carrying the risk of remote code execution. The remaining eight are ranked important; six of these enable remote code execution, one allows privilege escalation, and the last can lead to information disclosure. Seven of the bulletins have mandatory restarts; the remainder "may" do so.

As well as the typical patches for Windows, Internet Explorer, and Office, a couple of the bulletins include more unusual patches. Specifically, the Office Web Apps and Visual Studio are both receiving fixes this month. Not included in the list of patched software is Internet Explorer 9; this latest browser version is apparently immune to the flaws affecting versions 6, 7, and 8 that will be patched next week.

Microsoft has also confirmed that these patches include fixes for the MHTML flaw publicly disclosed in January, and an SMB flaw disclosed in February. In March, the company announced that it had learned of limited, targeted attacks using the MHTML flaw. The SMB flaw carried a theoretical possibility of remote code execution, but the company felt that denial of service was the more likely outcome. As ever, the full list of resolved flaws won't be announced until next week.

Read more: http://arstechnica.com/microsoft/news/2011/04/64-fixes-for-aprils-bumper-patch-tuesday.ars
