Microsoft has announced that it is to release 11 bulletins addressing 25 vulnerabilities in Windows, Microsoft Office and Microsoft Exchange on its next Patch Tuesday.
Of those bulletins, five are rated as critical and cover remote code execution in Windows. Two are rated as important, with one also covering remote code execution and the other covering an elevation of privilege.
Three further important patches include two for a remote code execution vulnerability in Office and another covering denial-of-service in Windows and Exchange. A moderately rated patch covering ‘spoofing’ in Windows completes the update.
Jerry Bryant, senior security communications manager at Microsoft, recommended that customers review the advance notification service summary page and prepare to test and deploy the bulletins as quickly as possible. He also pointed out that security advisory 981169 - vulnerability in VBScript that could allow remote code execution, and security advisory 977544 - a vulnerability in SMB that could allow denial-of-service, will be closed.
Wolfgang Kandek, CTO at Qualys, claimed that this is a fairly large update and will keep system administrators busy. He said: “Similar to past Patch Tuesdays, Windows 7 has fewer critical updates to install than the older operating system versions, an indication that the newer versions of Windows are more robust and secure out of the box.”
Alan Bentley, VP international at Lumension, said: “After last month's light load of patches, Microsoft is releasing a total of 11 patches to address 25 various vulnerabilities in April.
“Overall, April's Patch Tuesday bulletin will address at least two critical vulnerabilities for every popular Microsoft platform in use today, so the impact will be widespread regardless of what operating systems companies are currently running.
“This means that IT departments will have to address and patch almost every endpoint including servers, laptops and desktops in the organisation. They should be prepared this month and plan ahead as to how they are going to test and then deploy these patches with minimal interruptions to employee productivity levels.”
Windows Vista RTM will no longer be supported after the April bulletin, while Service Pack 1 will still be supported until 12th July 2011, but Microsoft recommended that customers update to Service Pack 2 or Windows 7.
Microsoft also confirmed that Windows XP Service Pack 2 will no longer be supported after the 13th July, and encouraged upgrading to Service Pack 3 or to Windows 7 as soon as possible. On the same date it will also retire extended support for Windows 2000.