This month's Patch Tuesday list includes three Critical security updates
Last week's headlines from the Microsoft Ignite conference breathlessly (and incorrectly) proclaimed that Patch Tuesday was dead.
As if to say, "I'm not dead yet," Microsoft's update servers delivered a heaping helping of Patch Tuesday fixes today, for Windows, Office, the .NET Framework, and Silverlight. On a Windows 8.1 System, I counted 19 updates for Windows, and a separate Windows 7 test system included 14 updates for Windows, another 11 for Office 2010, and an updated version of Silverlight.
Three of today's security updates were rated Critical. None of today's vulnerabilities are listed as being actively exploited at this time.
MS15-043 is a cumulative update for Internet Explorer that fixes 22 separate vulnerabilities, including 14 memory corruption vulnerabilities.
MS15-044 fixes a pair of vulnerabilities in the OpenType and TrueType font rendering code that can be exploited in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The TrueType vulnerability includes the possibility of remote code execution.
MS15-045 patches a remote code execution vulnerability in the obscure Windows Journal program, which is installed by default in all supported client versions of Windows. Windows Server versions are only affected if the Windows Journal program is installed by enabling Desktop Experience features.
Today's bumper crop of patches also includes some non-security updates, several designed to enable smoother upgrades to Windows 10 in the coming months. The Compatibility update for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: April 2015 (KB3048097) fixes some crash scenarios with USB controllers.
For desktop systems that have Automatic Updates enabled, today's updates will be installed (with a mandatory restart for some) in the normal overnight update window. Despite the daunting number of individual updates, the total size of the update package is relatively small--well under 200 MB on an otherwise up-to-date Windows 8.1 installation and under 250 MB for a system running Windows 7 plus Office.
The accompanying Knowledge Base articles indicate that several of today's security fixes will be available in the next few days for systems running the Windows 10 or Windows Server previews.