Microsoft's record Patch Tuesday
It's a record for Microsoft: 9 critical and 8 important updates close a total of 64 security holes. In the worst case, a number of the vulnerabilities allow for remote code execution; in other words, arbitrary code can be injected and executed, for example via specially crafted documents and websites. Microsoft put 44 of them in the category Exploitability Index 1, meaning that code that exploits the flaw will probably go into circulation soon.
The software affected ranges from Windows to Internet Explorer, Office, Visual Studio, .NET, and GDI+. For an overview, see the Microsoft Security Bulletin Summary for April 2011. At the top of Microsoft's to-do list are updates for Internet Explorer (MS11-018) and the client/server file shares (SMB, MS11-019/MS11-020), followed by the new kill bits for vulnerable ActiveX components (MS11-027) and the .NET update in MS11-028.
Monster update MS11-034 is truly remarkable; it patches 30 security holes in Windows kernel drivers in one fell swoop. Two recurring bugs in internal memory management can apparently allow users to escalate their privileges on the system.
In a blog post, Microsoft's security team underscores two new security functions that are reportedly available with the update. First, Microsoft now also offers extended security checks of Office files for Office 2003 and 2007 (Office File Validation). Because the Office sandbox called "Protected View" is only available in Office 2010, users of older versions now at least receive a warning notice if a file seems suspicious. The blog post does not, however, say whether the alarm also works with the Flash exploits in Excel and Word files.
The second new security function is a direct reaction to the Alureon/TDL rootkit, which managed to outsmart 64-bit Windows and launch Windows in a maintenance mode that also accepts unsigned drivers. Redmond has now provided an improved loader to remedy the situation. Microsoft says Alureon is the most common rootkit in Germany.