Microsoft's upcoming Patch Tuesday will fix 64 flaws

Jos


Microsoft is lining up 17 security bulletins to address as many as 64 vulnerabilities in Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+ as part of its monthly Patch Tuesday fix cycle. April's batch of updates ties the count of December 2010 as the most ever issued by the company -- though that time it was for a total of 40 flaws. According to Microsoft, 9 of the 17 bulletins will be rated "critical," while the remaining 8 are marked "important."

All critical flaws being addressed carry the risk of remote code execution, including a flaw in the Windows Server Message Block (SMB) network and file-sharing protocol that was disclosed in February. Of the important bulletins, six address remote code execution issues, one deals with privilege escalation, and the last one fixes a security flaw that can lead to information disclosure.

All versions of Windows are affected by this batch of updates and seven of the bulletins have mandatory restarts, so it looks like system administrators will have their hands full deploying April's batch of patches. Not included in the list of patched software is Internet Explorer 9; apparently this latest version of Microsoft's browser is immune to the flaws being patched. You can read the monthly advance notification detailing the affected software here.


 
Knowing nothing about browsers except that I abandoned IE years ago and recently switched from FF to Chrome, why is it we only read stories about constant IE (and FF, but to a lesser extent) patches fixing security flaws? Haven't seen a story about Google releasing critical patches for Chrome at all. Is it that the latter is so much better developed, or that IE is just used by so many more people that MS runs into problems no one else has to worry about?

Anyone?
 
Raswan said:
Haven't seen a story about google releasing critical patches for chrome at all. I

Major browsers fall on day one of Pwn2Own, Chrome survives https://www.techspot.com/news/38368-major-browsers-fall-on-day-one-of-pwn2own-chrome-survives.html
"contestants will have a chance to win Google's $20,000 prize along with the CR-48 running ChromeOS by hacking the company's Chrome browser"... "Event organizer ZDI will offer $10,000 for escaping the sandbox using non-Google code and Google will grant $10,000 for finding a bug in Chrome."

But no one even tried -- that probably says something. IE, Safari and Firefox were compromised on the first day.
 
The reason no one tried Chrome is because Google released a patch right before PWN2OWN. That makes it difficult to roll into PWN2OWN and exploit something known when it was just patched. Now they need to spend the time to find the next security patch.

Also, I think Chrome's silent update helps a lot with the issue. I don't know why all browsers don't use a silent update to constantly roll out patches and fixes.
 
Now they need to spend the time to find the next security exploit**.
 
@Ras & Rick
Here is one link for a critical update and a second one here with regard to Chrome.

As someone else already mentioned, they update it (rather frequently); in fact, sometimes I wonder if they are updating (read: newer version) just for the sake of 'silently' patching discovered holes.
 
They're putting the bandaid on wrong in the picture. I wonder if that will reflect the quality of the update.
 
The reason no one tried Chrome is because Google released a patch right before PWN2OWN. That makes it difficult to roll into PWN2OWN and exploit something known when it was just patched. Now they need to spend the time to find the next security patch.
Which is great, but only if you discount the fact that "Chrome" is factory compromised by Google itself. You know, the whole "spyware masquerading as a web browser" legend.
 
Another month, another Patch Tuesday and a big one too. At least IE 9 doesn't need to get patched and that is something new :).
 