Spring Has Sprung, and so has the Microsoft Security Bulletin Count

Microsoft just released their Patch Tuesday Advanced Notification for April 2011.  Microsoft plans to release 17 new security bulletins addressing 64 vulnerabilities.  So far this year we have gotten off pretty easy from Microsoft Patch Tuesdays.  However, the upcoming Patch Tuesday will be another day to remember.  This month will tie the record for the most security bulletins released by Microsoft at one time.  In December of last year, Microsoft also released 17 security bulletins.  On the vulnerability front, yes, we have another Microsoft record.  With Microsoft fixing 64 vulnerabilities, they will surpass the previous Microsoft record of 49 vulnerabilities fixed in October of last year.

Bulletin Breakdown:
- 9 bulletins are rated as Critical
- 8 bulletins are rated as Important
- 16 bulletins address vulnerabilities that could lead to Remote Code Execution
- 1 bulletin addresses a vulnerability that could lead to Elevation of Privilege

- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
Protecting Windows: Microsoft Exchange Server Data Protection
- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -

Affected Products:
- All supported operating systems
- Office XP, 2003, 2007
- Excel XP, 2003, 2007, 2010
- PowerPoint XP, 2003, 2007, 2010
- Excel Viewer
- PowerPoint Viewer, 2007
- Office Compatibility Pack 2007
- Office PowerPoint Web App
- Visual Studio .NET 2003
- Visual Studio 2005, 2008, 2010
- Visual C++ 2005, 2008, 2010

This upcoming Patch Tuesday will also address two open Microsoft vulnerabilities.  First, Microsoft will fix an issue that was detailed on February 16th, 2011.  Microsoft did not put out a Security Advisory for this, but they did detail a vulnerability in a blog posting.  The vulnerability affects the SMB Browser on all supported versions of the Microsoft operating system.  This vulnerability is a zero-day vulnerability, but Microsoft has not had any reports of attacks to date.  Second, Microsoft will be addressing Security Advisory 2501696 that was released on January 28, 2011.  This vulnerability affects an issue with the MHTML protocol.  Microsoft supplied a temporary workaround with a FixIt tool that locked down the MHTML protocol.  If you have applied the FixIt tool from Microsoft, you should remove the workaround and return MHTML functionality to your systems as soon as you patch the system.

Hopefully you will get some time this weekend to enjoy a nice, relaxing early spring weekend.  Next week will be bringing many sleepless nights as the Shavlik Data Team is about to face.

Shavlik

About Shavlik

Shavlik, a global leader in simplifying the complexity of IT management, is dedicated to significantly reducing the time-to-value for IT professionals from months to minutes. Shavlik’s Protect, Configure, SCUPdates and Management Intelligence are some of its on-premise and cloud base solutions that enable customers to manage both physical and virtual machines, deploy software, discover assets, simplify configuration, control power usage and ensure endpoint security. By bringing the sophisticated capabilities enjoyed by large companies to organizations of all sizes and types, Shavlik is driving the democratization of IT.

, ,

No comments yet.

Leave a Reply


*