Zero Day

Ryan Naraine and Dancho Danchev

Patch Tuesday heads-up: 17 bulletins, 64 vulnerabilities

By | April 7, 2011, 2:34pm PDT

Summary: Microsoft is planning a monster Patch Tuesday next week: 17 bulletins with fixes for 64 documented vulnerabilities across a wide range of Windows products.

Microsoft is planning a monster Patch Tuesday next week: 17 bulletins with fixes for 64 documented vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

According to Microsoft’s advance notice, 9 of the 17 bulletins will be rated “critical,” the company’s highest severity rating.

This month’s batch of patches, due at 1:00 pm Eastern on Tuesday April 12, will include an Internet Explorer browser update that fixes a pair of publicly known security problems:

This month we’ll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (Critical) issue publicly disclosed Feb. 15. Microsoft assessed the situation and reported that although the vulnerability could theoretically allow Remote Code Execution, that was extremely unlikely. To this day, we have seen no evidence of attacks.

We are also planning a fix for the MHTML vulnerability in Windows, rated Important. We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January. In March, we updated the advisory to let people know we were aware of limited, targeted attacks.

There is no word on whether this IE update will include a fix for the multiple bugs used in the winning CanSecWest Pwn2Own exploit.

All versions of Windows are affected by this batch of updates, including the newest Windows 7.

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 56 Talkback(s)

  • It would be nice if, for once...
    everyone would agree that finding and fixing vulnerabilities is a good thing, and that no software is perfect, and just leave it at that.
    msalzberg
    7th Apr
  • Closing stable doors is fine...
    @msalzberg
    ... just so long as the horses didn't bolt weeks earlier wink.
    Zogg
    7th Apr
  • What does this mean?
    @Zogg: Closing stable doors is fine just so long as the horses didn't bolt weeks earlier.

    Are there any specific "horses" you're referring to?
    ye
    7th Apr
  • RE: Patch Tuesday heads-up: 17 bulletins, 64 vulnerabilities
    @ye
    Ever heared of the term "idium"?

    What he means in this case is "just as long as the vulnerabilities haven't gone wild for a long period".

    Guessing English is your second language grin
    MrElectrifyer
    7th Apr
  • RE: Patch Tuesday heads-up: 17 bulletins, 64 vulnerabilities
    @MrElectrifyer

    "Ever heared[sic] of the term "idium[sic]"?"

    Guessing English isn't your native tongue, either.
    msalzberg
    7th Apr
  • Either MrElectrifyer's reading comprehension is much better than yours
    @Ye
    Or you were spoiling for a fight. Again.
    Possibly even both.
    Zogg
    8th Apr
  • Did you happen to notice the quotes?
    @MrElectrifyer: Ever heared of the term "idium"?
    ye
    8th Apr
  • See my response to MrElectrifyer
    @Zogg: Or you were spoiling for a fight. Again.
    Possibly even both.


    What I was "spoiling" (see, there are those quotes again) for was you to explain what you meant with your post as it isn't clear to me what you're trying to say.
    ye
    8th Apr
  • See MrElectrifyer's response to you.
    @Ye
    MrElectrifyer understood my post: a general comment on the time interval between bugs being found and patches being provided.

    I had originally planned to suggest that the horses may not have bolted during that time, but may have been replaced by wooden ones instead. And you may contemplate the extra implications of that at your leisure... wink
    Zogg
    8th Apr
  • Your comment doesn't make sense.
    @Zogg: a general comment on the time interval between bugs being found and patches being provided.

    That phrase is used after some event has happened. To my knowledge there has been no event, hence my question to you.
    ye
    8th Apr
  • @Zogg
    @Zogg

    Nice, very nice! Although you'd be alright if you have a daughter called Cassandra! wink
    DevJonny
    8th Apr
  • Oh, the irony!!!!
    @Ye

    "That phrase is used after some event has happened."

    After the horses have bolted, eh grin ??? Don't you think it's always worth patching sooner rather than later? Or have you forgotten the sense of the original post?
    Zogg
    8th Apr
  • Yes, I do.
    @Zogg: Don't you think it's always worth patching sooner rather than later? Or have you forgotten the sense of the original post?

    This still doesn't explain your original post.
    ye
    8th Apr
  • RE: Patch Tuesday heads-up: 17 bulletins, 64 vulnerabilities
    @MrElectrifyer
    Never heard of the term "idium". (Never heard of the word "heared", either. Perhaps you're referring to the word "Idiom"? (Spelled like "idiot"...just replace the "t" with an "m".
    Guessing English isn't your language at all.
    bbrandes
    8th Apr
  • Patch Tuesday.... Weld? Huh? Where am I?
    @Zogg
    The daughter Cassandra? Idium? Wooden horses?
    Apart from Illium being mis-spelled, I fear I may have wandered into a forum on Homeric literature!

    I hate to spoil the ending, but- the Trojans lost.
    Damn, the Greeks had powerful AV products back then!
    And please don't close those (Augean) stable doors just yet- Hercules is still busy cleaning 'em out!
    PercySludge
    8th Apr
