News

Microsoft Readying 6 Fixes for April's Security Update

For the second month in a row, Microsoft will release six bulletin items in its April security update, according to the Microsoft Security Bulletin Advance Notification.

"So far this year Microsoft has been issuing a fairly stable number of patch Tuesday bulletins every month," said Andrew Storms, director of security operations for nCircle in an e-mail. "We saw seven bulletins in January, nine in February, and six in both March and April. This is quite a bit different than their historical pattern of dramatic swings in bulletin volume from month to month."

The monthly patch will feature four "critical" items and two "important" bulletins. All four of the critical bulletins will address remote code execution vulnerabilities in Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft SQL Server, Microsoft Server Software and Microsoft Developer Tools.

As for the two important bulletin items, the first addresses an information disclosure flaw in Microsoft Forefront United Access Gateway, and the second targets an additional remote code execution hole in Microsoft Office.

After last month's alleged leak of RCP code, Marcus Carey, security researcher at Rapid7, discussed the possible tightening of security procedures when it comes to releasing security information to Microsoft partners.

"After the Microsoft MAPP exploit proof-of-concept leak regarding MS12-020, I wouldn't be surprised if Microsoft attempts to batten down the hatches on the amount of information they disclose prior to the monthly patch cycle," said Carey. "Based on that leaked proof-of-concept code, exploit developers were able to create a denial of service exploit."

Microsoft has yet made a statement regarding its ongoing investigation of the information leak.

April's security bulletin is set to arrive at 10 a.m. PST on Tuesday.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Warns SameSite Cookie Changes Could Break Some Apps

    IT pros could face Web application issues as early as next month with the implementation of a coming SameSite Web change, which will affect how cookies are used across sites.

  • Populating a SharePoint Document Library by E-Mail, Part 1

    While Microsoft doesn't allow you to build a SharePoint Online document library using e-mail, there is a roundabout way of getting the job done using the tools that are included with Office 365. Brien shows you how.

  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.