Compared with last month’s three security bulletins, Microsoft released a record-breaking 17 security bulletins to address 64 publicly disclosed vulnerabilities. This month’s release includes patches for bugs in Microsoft Windows, Microsoft Office, and Microsoft Visual Studio. It also includes a fix for the vulnerability in Internet Explorer that was uncovered during this year’s Pwn2Own contest.
Nine of the said security bulletins have been rated “critical,” as the vulnerabilities these addressed could end in remote code execution. Eight have been rated “important,” six of which could lead to arbitrary code execution, one could allow privilege escalation, and the last could result to unauthorized information disclosure.
This month’s batch of patches also addresses the MHTML vulnerability in Internet Explorer, reported in January, which could be likened to server-side cross-site scripting (XSS) vulnerabilities in terms of impact.
One critical patch addresses the vulnerability in SMB Browser, which was disclosed last February. According to Microsoft’s assessment, even though this may be used to spread malware, no attacks taking advantage of this threat were found.
Users are strongly advised to patch their systems as soon as possible. Trend Micro product users need not worry, however, as they are protected through Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plug-in. For more details, visit our security advisory page.