Microsoft is to release 17 security bulletins including nine rated critical and eight rated important on its next Patch Tuesday.
Pete Voss, senior response communications manager at Microsoft Trustworthy Computing, said that the April Patch Tuesday will address 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, the .NET Framework and GDI+.
He said: “This month we'll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (critical) issue that was publicly disclosed in February. Microsoft assessed the situation and reported that although the vulnerability could theoretically allow remote code execution, that was extremely unlikely. To this day, we have seen no evidence of attacks.
“We are also planning a fix for the MHTML vulnerability in Windows, rated important. We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January. In March, we updated the advisory to let people know we were aware of limited, targeted attacks.”
Amol Sarwate, manager at the vulnerability research lab at Qualys, said: “This is a huge update and system administrators should plan for deployment as all Windows systems, including Server 2008 and Windows 7, are affected by critical bulletins. Frequently used Office applications like Excel 2003 through 2010 and PowerPoint 2002 through 2010 are also affected."