Microsoft is planning a monster Patch Tuesday next week: 17 bulletins with fixes for 64 documented vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.
According to Microsoft's advance notice, 9 of the 17 bulletins will be rated "critical," the company's highest severity rating.
This month's batch of patches, due at 1:00 pm Eastern on Tuesday April 12, will include an Internet Explorer browser update that fixes a pair of publicly known security problems:
This month we'll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (Critical) issue publicly disclosed Feb. 15. Microsoft assessed the situation and reported that although the vulnerability could theoretically allow Remote Code Execution, that was extremely unlikely. To this day, we have seen no evidence of attacks.
We are also planning a fix for the MHTML vulnerability in Windows, rated Important. We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January. In March, we updated the advisory to let people know we were aware of limited, targeted attacks.
There is no word on whether this IE update will include a fix for the multiple bugs used in the winning CanSecWest Pwn2Own exploit.
All versions of Windows are affected by this batch of updates, including the newest Windows 7.