Microsoft said it would ship seven security updates on 8 May The number of patches — nearly two dozen — is higher than usual.
Four updates will address vulnerabilities in Windows; four will impact Office, Microsoft’s popular application suite; and one will affect the Silverlight development framework. Three of the pending bulletins are Office-only, while one is shared with Windows and Silverlight. The trio of Office-only updates will patch flaws in Word, Excel, and Visio. “There’s a heavy lean toward Office here,” Storms noted.
Bulletin 2 should rise to the top of the to-do list – these patches are critical, and impact virtually every edition of Windows, applies to all currently supported versions of Office on Windows, and patches one or more bugs in Silverlight.
Although today’s advance notification for next week’s Patch Tuesday was the usual bare-bones outline, Storms suspected that Bulletin 2 would fix bugs in the .Net development framework, which is included by default with Windows, and is also used by Office programmers.
“.Net could be the common ground,” Storms speculated.
Others, including Kandek and Marcus Carey of Rapid7, didn’t call out a single update for special attention, but instead noted that the three critical bulletins, as well as two labeled important, should be patched as soon as possible next week.
Both updates rated important can result in what Microsoft calls “remote code execution” — meaning attackers could hijack a PC if they successfully exploited the vulnerabilities — and were aimed at Excel and Visio.
Two of the four Office updates will apply to the 2008 and 2011 editions of Office for Mac.
Storms also commented on Microsoft’s apparent quickened bug-patching tempo so far this year. When next week’s 23 are added to the mix, Microsoft will have issued 70 patches so far this year; the company had fixed only 59 flaws by the end of May 2011.
Microsoft will release the seven updates at approximately 1 p.m. Eastern Time 8 May 2012 ie tomorrow
