Microsoft Releases 17 Bulletins Fixing 64 Issues on April Patch Tuesday

Microsoft has released an advance notification of 17 security bulletins that the software giant is intending to release on April 12, 2011. Last month, the software giant released only 3 bulletins which fixed four vulnerabilities. Next week Microsoft is going to release 17 bulletins, fixing 64 different vulnerabilities. Nine bulletins are critical, with all carrying the risk of remote code execution. The remaining eight bulletins are ranked important; six of these enable remote code execution, one allows privilege escalation, and the last can lead to information disclosure. Seven of the bulletins have mandatory restarts; the remainder “may” do so.

Along with the typical patches for Windows, Internet Explorer, and Office, a couple of the security bulletins include patches for Office Web Apps and Visual Studio. The security bulletins does not include any patches for Internet Explorer 9; apparently it seems that the latest browser version is immune to the flaws that are affecting IE versions 6, 7, and 8 that will be patched next week.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The following table summarizes the security bulletins for this month in order of severity.

# Rating Impact Affected software
1 Critical Remote Code Execution Internet Explorer 6/7/8, Windows XP/2003/Vista/7/2008 R2
2 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
3 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
4 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
5 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
6 Critical Remote Code Execution Office XP, Windows XP/2003/Vista/2008
7 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
8 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
9 Critical Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
10 Important Remote Code Execution Excel 2002 (Office XP)/2003/2007/2010, Office for Mac 2004/2008/2011, Excel Viewer, Open XML File Format Converter for Mac, Office Compatibility Pack
11 Important Remote Code Execution PowerPoint Web App, PowerPoint 2002 (Office XP)/2003/2007/2010, Office for Mac 2004/2008/2011, PowerPoint Viewer, PowerPoint Viewer 2007, Open XML File Format Converter for Mac, Office Compatibility Pack
12 Important Remote Code Execution Office XP/2003/2007, Office for Mac 2004/2008, Open XML File Format Converter for Mac
13 Important Remote Code Execution Windows XP/2003/Vista/2008/7/2008 R2
14 Important Remote Code Execution Visual Studio .NET 2003/2005/2008/2010, Visual C++ Redistributable 2005/2008/2010
15 Important Information Disclosure Windows XP/2003/Vista/2008/7/2008 R2
16 Important Remote Code Execution Windows XP/2003
17 Important Elevation of Privilege Windows XP/2003/Vista/2008/7/2008 R2

The bulletins will be released on Tuesday at 10:00am PST, and there will be the usual webcast the following day at 11:00am PST (apparently, in spite of Redmond now being on PDT) to address customer questions.

You may also like...