Microsoft Readying 6 Fixes for April's Security Update
For the second month in a row, Microsoft will release six bulletin items in its April security update, according to the Microsoft Security Bulletin Advance Notification.
"So far this year Microsoft has been issuing a fairly stable number of patch Tuesday bulletins every month," said Andrew Storms, director of security operations for nCircle in an e-mail. "We saw seven bulletins in January, nine in February, and six in both March and April. This is quite a bit different than their historical pattern of dramatic swings in bulletin volume from month to month."
The monthly patch will feature four "critical" items and two "important" bulletins. All four of the critical bulletins will address remote code execution vulnerabilities in Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft SQL Server, Microsoft Server Software and Microsoft Developer Tools.
As for the two important bulletin items, the first addresses an information disclosure flaw in Microsoft Forefront United Access Gateway, and the second targets an additional remote code execution hole in Microsoft Office.
After last month's alleged leak of RCP code, Marcus Carey, security researcher at Rapid7, discussed the possible tightening of security procedures when it comes to releasing security information to Microsoft partners.
"After the Microsoft MAPP exploit proof-of-concept leak regarding MS12-020, I wouldn't be surprised if Microsoft attempts to batten down the hatches on the amount of information they disclose prior to the monthly patch cycle," said Carey. "Based on that leaked proof-of-concept code, exploit developers were able to create a denial of service exploit."
Microsoft has yet made a statement regarding its ongoing investigation of the information leak.
April's security bulletin is set to arrive at 10 a.m. PST on Tuesday.