00:44
Mr. Asim Rajput
Microsoft's patching is going from extreme to the other. While March had bulletins fixing vulnerabilities, next week 17 bulletins are being issued, fixing 64 different vulnerabilties. This ties with December 2010 as the most bulletins, & takes the clear lead for number of flaws fixed.
Nine bulletins are critical, with all carrying the risk of remote code execution. The remaining seven are ranked important; four of these enable remote code execution, allows privilege escalation, & the last can lead to information disclosure. Four of the bulletins have mandatory restarts; the remainder "may" do so.
As well as the typical patches for Windows, Net Explorer, & Office, a couple of the bulletins include more unusual patches. Specifically, the Office Web Apps & Visual Studio are both receiving fixes this month. Not included in the list of patched program is Net Explorer 9; this latest browser version is apparently immune to the flaws affecting versions 6, 7, & 8 that will be patched next week.
Microsoft has also confirmed that these patches include fixes for the MHTML flaw publicly disclosed in January, & an SMB flaw disclosed in February. In March, the company announced that it had learned of limited, targeted assaults using the MHTML flaw. The SMB flaw carried a theoretical possibility of remote code execution, but the company felt that denial of service was the more likely outcome. As ever, the full list of resolved flaws won't be announced until next week.
The bulletins will be released on Tuesday at 10:00am PST, and there will be the usual webcast the following day at 11:00am PST (apparently, in spite of Redmond now being on PDT) to address customer questions.
Nine bulletins are critical, with all carrying the risk of remote code execution. The remaining seven are ranked important; four of these enable remote code execution, allows privilege escalation, & the last can lead to information disclosure. Four of the bulletins have mandatory restarts; the remainder "may" do so.
As well as the typical patches for Windows, Net Explorer, & Office, a couple of the bulletins include more unusual patches. Specifically, the Office Web Apps & Visual Studio are both receiving fixes this month. Not included in the list of patched program is Net Explorer 9; this latest browser version is apparently immune to the flaws affecting versions 6, 7, & 8 that will be patched next week.
The bulletins will be released on Tuesday at 10:00am PST, and there will be the usual webcast the following day at 11:00am PST (apparently, in spite of Redmond now being on PDT) to address customer questions.
0 comments:
Post a Comment