April Microsoft Patches

Microsoft has delivered an Easter basket full of security goodies for IT administrators, patching 64 vulnerabilities with 17 security bulletins – a new Patch Tuesday record.

64 is a lot of vulnerabilities; however, the smaller numbers of patches that Microsoft has delivered in recent months have finally caught up to them. I am pleased to see a large number this month, and hope that delivering on the backlog is the new trend. Keep going, Microsoft. Let’s reduce the potential attack surface on these operating systems and applications!

Of the 17 bulletins released today, nine are rated critical and eight are rated as important. I don’t necessarily agree with the rating of important for remote code execution vulnerabilities; they should almost always be considered critical, but that is just my opinion. The 17 patches fix 64 vulnerabilities, affecting all versions of Windows, Office, Internet Explorer, Visual Studio, .NET Framework, as well as GDI+. The previous record on security fixes was 49, set in October 2010.

Two of the vulnerabilities are being actively exploited in the wild, and a large number have proof of concept code available.  Development and delivery of exploits for these vulnerabilities will follow quite quickly upon patch release.

SANS has once again done an excellent job of summarizing and prioritizing the patches: http://isc.sans.edu/diary.html?storyid=10693