MS Patch Tuesday heads-up: 25 holes in Windows, Office

Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix 25 documented vulnerabilities that expose Windows users to remote code execution attacks.

Five of the 11 bulletins will be rated "critical," Microsoft's highest severity rating.  The flaws affect all versions of Windows, including the company's newest Windows 7 operating system.

The vulnerabilities will address security holes in Windows, Microsoft Office, and Microsoft Exchange, according to Jerry Bryant, a group manager in Redmond's security response center.

Bryant also confirmed that the April batch of patches will include fixes for two publicly known issues:

• Microsoft Security Advisory (981169) -- Vulnerability in VBScript Could Allow Remote Code Execution.
• Microsoft Security Advisory (977544) -- Vulnerability in SMB Could Allow Denial of Service

[ SEE: Hacker exploits IE8 on Windows 7 to win Pwn2Own ]

The Internet Explorer flaw exploited at this year's Pwn2Own contest will not be patched this month. Microsoft typically alternates between patching OS and client software vulnerabilities which means the next IE patch isn't scheduled until May 4th, 2010 at the earliest.

Windows users can find all the affected software and severity ratings in the Microsoft's advance notice summary.

If you're on Twitter, you can receive updates from the MSRC at the new @MSFTSecResponse account.