Microsoft is planning a significant Patch Tuesday update April 13 to address 25 vulnerabilities across Windows, Microsoft Office and Microsoft Exchange.
In its pre-patch advisory April 8, Microsoft said there would be a total of 11 security bulletins issued. Five of the 11 are rated critical and affect Windows. Of the remaining six, all but one are classified as important. The final bulletin is rated moderate.
"The five critical bulletins affect all versions of Windows software that are widely being used and could therefore cause an interruption in services affecting workflow and productivity levels ... [IT departments] should be prepared this month and plan ahead as to how they are going to test and then deploy these patches with minimal interruptions to employee productivity levels," noted Don Leatham, senior director of solutions and strategy for Lumension.
Among the problems addressed by the bulletins are two bugs Microsoft warned users about in the past-the vulnerability in the SMB protocol reported in November, and a vulnerability in VBScript the company warned users about in March. Neither bug is believed to be the subject of attacks.
Jerry Bryant, Microsoft's group manager of Security Response Center Communications, also reminded users in a blog post that Microsoft will be terminating support for a number of products in the days and months ahead, and urged users to migrate to supported platforms. Windows XP Service Pack 2 and Windows 2000 will end July 13, he noted, and Windows Vista RTM will no longer be supported after the April 13 bulletin release. Service Pack 1 will still be supported until July 12, but customers should update to Service Pack 2 or Windows 7 at this time, Bryant recommended.