Microsoft is planning a huge Patch Tuesday for April, alerting customers that the company will issue 17 bulletins next week to fix a total of 64 vulnerabilities. Nine of the bulletins have a maximum severity rating of critical.
The bulletins will cover a range of Microsoft products, including several versions of Windows and Internet Explorer and Microsoft Office. One of the bugs that Microsoft will fix on April 12 is the SMB vulnerability that has been publicly known since the middle of February.
“This month we’ll be closing some issues that Microsoft has already
previously spoken to, including the SMB Browser (Critical) issue
publicly disclosed Feb. 15. Microsoft assessed the situation and reported
that although the vulnerability could theoretically allow Remote Code
Execution, that was extremely unlikely. To this day, we have seen no
evidence of attacks,” Microsoft said in its advance notification.
“We are also planning a fix for the MHTML vulnerability in Windows, rated Important. We alerted people to this issue with Security Advisory 2501696
(including a Fix-It that fully protected customers once downloaded)
back in late January. In March, we updated the advisory to let people
know we were aware of limited, targeted attacks.”