Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix multiple vulnerabilities that expose Windows users to remote code execution attacks.
Five of the 11 bulletins will be rated “critical,” Microsoft’s highest severity rating. The flaws affect all versions of Windows, including the company’s newest Windows 7 operating system.
In all, Microsoft will patch a whopping 25 documented vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange, according to Jerry Bryant, a group manager in Redmond’s security response center.
Bryant also confirmed that the April batch of patches will include fixes for two publicly known issues:
- Microsoft Security Advisory (981169) – Vulnerability in VBScript Could Allow Remote Code Execution.
- Microsoft Security Advisory (977544) – Vulnerability in SMB Could Allow Denial of Service
The Internet Explorer flaw exploited at this year’s Pwn2Own contest will not be patched this month. Microsoft typically alternates between patching OS and client software vulnerabilities which means the next IE patch isn’t scheduled until May 4th, 2010 at the earliest.
Windows users can find all the affected software and severity ratings in the Microsoft’s advance notice summary.