News

Microsoft Readying 6 Fixes for April's Security Update

For the second month in a row, Microsoft will release six bulletin items in its April security update, according to the Microsoft Security Bulletin Advance Notification.

"So far this year Microsoft has been issuing a fairly stable number of patch Tuesday bulletins every month," said Andrew Storms, director of security operations for nCircle in an e-mail. "We saw seven bulletins in January, nine in February, and six in both March and April. This is quite a bit different than their historical pattern of dramatic swings in bulletin volume from month to month."

The monthly patch will feature four "critical" items and two "important" bulletins. All four of the critical bulletins will address remote code execution vulnerabilities in Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft SQL Server, Microsoft Server Software and Microsoft Developer Tools.

As for the two important bulletin items, the first addresses an information disclosure flaw in Microsoft Forefront United Access Gateway, and the second targets an additional remote code execution hole in Microsoft Office.

After last month's alleged leak of RCP code, Marcus Carey, security researcher at Rapid7, discussed the possible tightening of security procedures when it comes to releasing security information to Microsoft partners.

"After the Microsoft MAPP exploit proof-of-concept leak regarding MS12-020, I wouldn't be surprised if Microsoft attempts to batten down the hatches on the amount of information they disclose prior to the monthly patch cycle," said Carey. "Based on that leaked proof-of-concept code, exploit developers were able to create a denial of service exploit."

Microsoft has yet made a statement regarding its ongoing investigation of the information leak.

April's security bulletin is set to arrive at 10 a.m. PST on Tuesday.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus