Microsoft's upcoming Patch Tuesday will fix 64 flaws

By on April 8, 2011, 9:00 AM
Microsoft is lining up 17 security bulletins to address as many as 64 vulnerabilities in Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+ as part of their Patch Tuesday monthly fix cycle. April's batch of updates ties the count of December 2010 as the most ever issued by the company -- though that time it was for a total of 40 flaws. According to Microsoft, 9 of the 17 bulletins will be rated "critical," while the remaining 8 are marked "important."

All critical flaws being addressed carry the risk of remote code execution, including the Windows Server Message Block (SMB) network and file-sharing protocol that was disclosed in February. From the important bulletins, six of them address remote code execution issues, one deals with privilege escalation, and the last one fixes a security flaw that can lead to information disclosure.

All versions of Windows are affected by this batch of updates and seven of the bulletins have mandatory restarts, so it looks like system administrators will have their hands full deploying April's batch of patches. Not included in the list of patched software is Internet Explorer 9; apparently this latest version of Microsoft's browser immune to the flaws being patched. You can read the monthly advance notification detailing the affected software here.




User Comments: 16

Got something to say? Post a comment
ddg4005 ddg4005 said:

That's a lot of patches!

Raswan Raswan said:

Knowing nothing about browsers except that I abandoned IE years ago and recently switched from FF to Chrome, why is it we only read stories about constant IE (and FF, but to a lesser extent) patches fixing security flaws. Haven't seen a story about google releasing critical patches for chrome at all. Is it that the latter is so much better developed, or that IE is just used by so many more people that MS runs into problems no one else has to worry about?

Anyone?

Staff
Rick Rick, TechSpot Staff, said:

Raswan said:

Haven't seen a story about google releasing critical patches for chrome at all. I

Major browsers fall on day one of Pwn2Own, Chrome survives [link]

"contestants will have a chance to win Google's $20,000 prize along with the CR-48 running ChromeOS by hacking the company's Chrome browser"... "Event organizer ZDI will offer $10,000 for escaping the sandbox using non-Google code and Google will grant $10,000 for finding a bug in Chrome. "

But no one even tried -- that probably says something. IE, Safari and Firefox were compromised on the first day.

Guest said:

The reason no one tried Chrome is because Google released a patch right before PWN2OWN. That makes it difficult to roll into PWN2OWN and exploit something known when it was just patched. Now they need to spend the time to find the next security patch.

Also, I think Chrome's silent update helps a lot with the issue. I don't know why all browsers don't use a silent update to constantly roll out patches and fixes.

Guest said:

Now they need to spend the time to find the next security expoit**.

Archean Archean, TechSpot Paladin, said:

@Ras & Rick

Here is one link for critical update and second on here with regard to chrome.

As someone else already mentioned they update it (rather frequently); infact some time I wonder if they are updating (read newer version) just for the sake of 'silently' patching discovered holes.

yRaz yRaz said:

They're putting the bandaid on wrong in the picture. I wonder if that will reflect the quality of the update

Raswan Raswan said:

yRaz said:

They're putting the bandaid on wrong in the picture. I wonder if that will reflect the quality of the update

haha. good one.

lipe123 said:

yRaz said:

They're putting the bandaid on wrong in the picture. I wonder if that will reflect the quality of the update

Lmao dude, well spotted!

captaincranky captaincranky, TechSpot Addict, said:

The reason no one tried Chrome is because Google released a patch right before PWN2OWN. That makes it difficult to roll into PWN2OWN and exploit something known when it was just patched. Now they need to spend the time to find the next security patch.
Which is great, but only if you discount that fact that "Chrome" is factory compromised by Google itself. You know, the whole "spyware masquerading as a web browser" legend.

beast1944 said:

Wow, finally microsoft is doing something right )))

Guest said:

Glad i use Linux

spydercanopus spydercanopus said:

Sweet. An excuse to sell some hours to my clients.

Staff
Rick Rick, TechSpot Staff, said:

The reason no one tried Chrome is because Google released a patch right before PWN2OWN.

So did Microsoft.. And Apple... and Mozilla...

It happens year after year too. I think that DOES mean something, especially since Google offers more incentive than any competitors.

fpsgamerJR62 said:

Another month, another Patch Tuesday and a big one too. At least IE 9 doesn't need to get patched and that is something new .

T77 T77 said:

I got 26 of them.....:p

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.