Microsoft is to release three critical patches on next week's Patch Tuesday.
The three critical patches, due to be released on 8 May, fix remote code execution flaws in Office, Windows, the .NET Framework and Silverlight. Four other patches, rated as important, fix remote code execution flaws in Office and elevation of privilege vulnerabilities in Windows.
Wolfgang Kandek, CTO of Qualys, said: “The three critical bulletins provide fixes for Microsoft Office, Silverlight and .NET, with bulletin two impacting all three products. These bulletins will be highest-priority for IT admins, especially bulletin one, which has a critical rating for Office 2003 and 2007, which we do not see all that often. Bulletin one also affects Office for the Macintosh, but is rated only important on that platform.
“Bulletins four and five will also cover Office, and while they are ranked as important, they provide fixes for remote code execution vulnerabilities. They should be considered a high priority as bulletin four affects the free Excel viewer and bulletin five the free Visio viewer, giving us a clue as to what file formats contain the weaknesses.”
Andrew Storms, director of security operations for nCircle, said: “Last year, the release schedule for Microsoft's Patch Tuesday followed a ‘feast and famine’ approach, alternating months with high and low patch counts. This year, however, Microsoft has been releasing about the same number of bulletins for each month.
“Four of the seven bulletins this month are related to Microsoft Office. We can also expect most of the usual ‘problem children’, including .NET, Windows and Silverlight.”
Paul Henry, security and forensic analyst at Lumension, said: “The disruptive restarts and the wide range of platforms impacted by this month's bulletins will have IT teams scrambling to accomplish their flaw remediation tasks. With the workload from Oracle and now the bulletins expected from Microsoft, many will unfortunately not get a break for the Bank Holiday weekend.
“Pending the official release from Microsoft on Tuesday, of greatest concern are critical bulletins two and three, which impact both legacy and current-generation operating systems.”