Microsoft's next Patch Tuesday in April
Next Tuesday, April 10, is Microsoft's next scheduled Patch Tuesday. The software vendor plans to release five security bulletins to close a number of security holes in addition to providing updates. Four of the bulletins are expected to describe problems in Windows, at least one of which is categorized as critical. These updates will probably require systems to be restarted after installation. However, the holes in Office products that have been known since February are apparently still not to be patched.
Another bulletin deals with the critical hole in Microsoft's Content Management Server. Additionally, the latest version of the Windows Malicious Software Removal Tool will be released. Finally, the software vendor will be releasing six other updates not related to security via the Windows Update (WU) function, Software Update Services (SUS), Microsoft Updates, and Windows Server Update Services (WSUS).
Just last Tuesday, Microsoft had to announce an unscheduled Patch Day to close a critical hole in Windows; attackers were able to inject code onto Windows PCs via a file for animated cursors (*.ani) when users visited malicious websites. This vulnerability not only affected Internet Explorer, but also Firefox and other applications that can handle ANI files, such as the IrfanView image viewer. Unfortunately, the patch for this ANI hole conflicted with systems using a Realtek sound chip and some other software, so that Microsoft had to provide a patch for the patch immediately.
- Microsoft Security Bulletin Advance Notification, Microsoft's announcement