MS Patch Tuesday heads-up: 25 holes in Windows, Office

Summary: Five of the 11 bulletins will be rated "critical," Microsoft's highest severity rating. The flaws affect all versions of Windows, including the company's newest Windows 7 operating system.

Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix 25 documented vulnerabilities that expose Windows users to remote code execution attacks.

Five of the 11 bulletins will be rated "critical," Microsoft's highest severity rating.  The flaws affect all versions of Windows, including the company's newest Windows 7 operating system.

The bulletins will address security holes in Windows, Microsoft Office, and Microsoft Exchange, according to Jerry Bryant, a group manager in Redmond's security response center.

Follow Ryan Naraine on Twitter

Bryant also confirmed that the April batch of patches will include fixes for two publicly known issues:

[ SEE: Hacker exploits IE8 on Windows 7 to win Pwn2Own ]

The Internet Explorer flaw exploited at this year's Pwn2Own contest will not be patched this month. Microsoft typically alternates between patching OS and client software vulnerabilities, which means the next IE patch isn't scheduled until May 4th, 2010 at the earliest.

Windows users can find all the affected software and severity ratings in Microsoft's advance notice summary.

If you're on Twitter, you can receive updates from the MSRC at the new @MSFTSecResponse account.

Talkback

80 comments
  • IE was just updated out of band, hence no update this month

    The most recent "cumulative" update for IE was released on March 30, out-of-band; most likely they took the update they had slated for this month's Patch Tuesday and accelerated its testing to get it out early.

    http://www.microsoft.com/technet/security/bulletin/MS10-018.mspx
    PB_z
    • Yes, makes sense

      It was not just one "emergency" patch - it was
      a number of IE patches (2 for IE8).

      Looks like MS is processing patches in
      groups/batches per product. They had a number
      of IE patches ready and just processed them
      along with the out-of-band one.

      This time it seems to be Windows, Visio and
      Publisher.
      honeymonster
  • RE: MS Patch Tuesday heads-up: 25 holes in Windows, Office

    Install the patches and be safe! The scheduled patches make it easy for administrators to know when to expect patches and they can plan accordingly. Home users don't have to worry as Microsoft Windows provides an automatic update function by default. The only victims here are the hackers and malware writers who have nothing to exploit.
    Loverock Davidson
    • I'll take a zero for $200 Alex

      So we had stories of Tiger Woods fooling around with some women, then going back to play the 19th hole. And we see a lot more stories where it turns out Windows and IE are fooling around with millions of people and plugging so many holes. Tiger apologized, what has M$ ever done?
      TxM2xTx
      • They made sense

        unlike your post.
        Loverock Davidson
        • So what you're saying is you didn't get the point

          I haven't seen any apologies from Microsoft for the many holes they had to plug over the years. I'm suspecting this caused a lot more grief than Tiger with his women. Yet no apology.
          TxM2xTx
          • Microsoft is a large corporation..

            ..based in the U.S. (a corporatocracy), meaning they don't need to apologize.

            Whereas Tiger Woods is an individual.

            Hence, he needs to apologize, they don't.
            AzuMao
          • No I didn't get the point

            There was no point to get, you were just rambling on. I'm starting to think you want Microsoft to apologize for something, but I'm not quite sure what it is. They aren't going to apologize for making top quality software and they aren't going to apologize for continuing to maintain said top quality software. Which takes us back to my first sentence, there was no point in your post.
            Loverock Davidson
          • Oh, the Irony!

            Loverock Davidson wrote:
            "They aren't going to apologize for making top quality software and they aren't going to apologize for continuing to maintain said top quality software."

            I think that I've found your true calling: Improvisational comedy! ;-)
            nbahn
          • uh ok?

            whatever that was supposed to mean.
            Loverock Davidson
          • Then you must understand clearly

            as there is no substance to any of your posts.
            Viva la crank dodo
          • Loverock you'll never get the point .... it's too far over your head

            A simple point you might even be able to understand. Microsoft makes billions and billions every quarter and they can't find a way to put out a secure product. There is something wrong with that equation in everyone's eyes but yours.

            Don't you think it's time they get off the pot and supply a decent product for the money they rake in?

            You say they put out a quality product and I say what planet are you living on?

            Even someone like you has to wake up to the facts at some point in time and realize your silly FUD only makes you look like an idiot to everyone here on ZDNet.
            Over and Out
          • Nobody makes a secure product

            I'll challenge you to find any software product that is completely safe. That includes any OS, including Mac and any Nix variety. There will always be holes. The big difference is that MS has the largest market share with the most people using it, so it makes sense for hackers/crackers to stick with its products, because it is more productive for them.
            Franciscus101
          • @Franciscus101 Just because nothing is absolutely 100% perfect doesn't mean

            that everything is as bad as Windows.

            Also, there are doubtless far more unknown vulnerabilities in Windows,
            since it relies on security through obscurity (they don't let anyone audit/review
            its source code), and it is mainly just used for playing video games, rather than
            running the biggest bank in the world, the most powerful particle accelerator in
            the world, satellites, stock markets, most of the Internet (including some
            very high-profile financial institutions such as PayPal), etc, so there is
            far less incentive to attack it, compared to Linux and BSD.
            AzuMao
          • RE:So what you're saying is you didn't get the point

            ...I haven't seen any apologies from Microsoft for the many holes they had to plug over the years...

            Aw, you missed it? Poor baby. Microsoft's apologies are all over the web, along with the apologies from Apple, the several Unices, Oracle, SAP, and the many Linux distros.
            richdave
          • Show me

            Show me one place where they apologized. As well as the others you mention. Yet you and many others continue to defend them. Fleecing of America, another example.
            TxM2xTx
          • RE:Show me

            Hey, clueless! Critical reading skills not quite fully developed yet? What a NOOB!!!
            richdave
          • RE:Show me

            My initial response may have been harsh, perhaps not giving you sufficient credit. Do this. Print out my post, your response to my post, show it to a friend and perhaps they can explain my post to you in nice, short, monosyllabic sentences you can understand. Then, if you still wish to, respond to my initial post.
            richdave
          • ?

            Why would Microsoft apologize for continuing to work and improve their software? All good developers do this. Even open-source software has to be patched from exploits and vulnerabilities, do you want an apology from them too? Difference with Microsoft is that it tends to be consistent with its updates and provides them on a generally predictable schedule allowing for users of their software, especially businesses, to plan accordingly. Imagine if a business was using a Linux server for their operations and the developer released updates on a very unpredictable basis and didn't even warn the business ahead of time that there was a vulnerability, provide a temporary workaround, and then a specific and consistent date for the patch. The business would remain vulnerable and not even know that a patch was coming, and when it did it could disrupt the business's operations as they work to prepare to patch their system on the fly.
            avatoin
          • Not for removing the problems. For putting them in to begin with.
            AzuMao