Microsoft is to release fixes for 25 vulnerabilities affecting Windows, Office and Exchange on Patch Tuesday
In what will be a significant Patch Tuesday update on 13 April, Microsoft confirmed that it will address 25 vulnerabilities across Windows, Microsoft Office and Microsoft Exchange.
In its pre-patch advisory 8 April, Microsoft said there would be a total of 11 security bulletins issued. Five of the 11 are rated critical and affect Windows. Of the remaining six, all but one are classified as important. The final bulletin is rated moderate.
“The five critical bulletins affect all versions of Windows software that are widely being used and could therefore cause an interruption in services affecting workflow and productivity levels … [IT departments] should be prepared this month and plan ahead as to how they are going to test and then deploy these patches with minimal interruptions to employee productivity levels,” noted Don Leatham, senior director of solutions and strategy for Lumension.
Among the problems addressed by the bulletins are two bugs Microsoft warned users about in the past – the vulnerability in the SMB protocol reported in November, and a vulnerability in VBScript the company warned users about in March. Neither bug is believed to be the subject of attacks.
Jerry Bryant, Microsoft’s group manager of Security Response Center Communications, also reminded users in a blog post that Microsoft will be terminating support for a number of products in the days and months ahead, and urged users to migrate to supported platforms. Windows XP Service Pack 2 and Windows 2000 will end 13 July, he noted, and Windows Vista RTM will no longer be supported after the 13 April bulletin release. Service Pack 1 will still be supported until 12 July, but customers should update to Service Pack 2 or Windows 7 at this time, Bryant recommended.