Microsoft’s patching is going from one extreme to the other. While March had just three bulletins fixing four vulnerabilities, next week 17 bulletins are being issued, fixing 64 different vulnerabilties. This ties with December 2010 as the most bulletins, and takes the clear lead for number of flaws fixed.
Nine bulletins are critical, with all carrying the risk of remote code execution. The remaining eight are ranked important; six of these enable remote code execution, one allows privilege escalation, and the last can lead to information disclosure. Seven of the bulletins have mandatory restarts; the remainder “may” do so.
As well as the typical patches for Windows, Internet Explorer, and Office, a couple of the bulletins include more unusual patches. Specifically, the Office Web Apps and Visual Studio are both receiving fixes this month. Not included in the list of patched software is Internet Explorer 9; this latest browser version is apparently immune to the flaws affecting versions 6, 7, and 8 that will be patched next week.
Hack In The Box