Microsoft is readying 17 security bulletins to address 64 vulnerabilities for its April security update, to be released Tuesday.
Nine of the fixes are rated “critical,” while the other eight have been deemed “important,” according to Microsoft's advance notification, released Thursday. The patches will address flaws in Windows, Office, Internet Explorer, Visual Studio, the .NET Framework and GDI+.
“The bug count is a whopping new record,” said Andrew Storms, director of security operations for vulnerability management firm nCircle.
“My guess is we will find out that most of the bugs will be attributed to a single bulletin.”
Administrators should expect to see patches for several publicly known issues, including a vulnerability disclosed in January that is present in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. The flaw, rated important, has been abused in “limited, targeted attacks,” Microsoft said.
“This bug garnered a fair amount of attention, and Microsoft released a Fix It tool to thwart attacks,” Storms said. “I'm relieved this bug has finally been fixed. The longer it's out there, the more time attackers have to find other ways to exploit it.”
Microsoft is also planning a patch for a critical Windows Server Message Block (SMB) vulnerability, disclosed in February, that affects all versions of the operating system, Pete Voss, senior response communications manager at Microsoft Trustworthy Computing, said in a blog post Thursday.
The flaw could be exploited to cause a denial-of-service condition or to take complete control of an affected system, but Microsoft said it has not seen any attacks in the wild.
This article originally appeared at scmagazineus.com