Miles Associates LLC

 Slates record-tying 34 patches for Windows, IE, Office and SharePoint

The patches will also quash two bugs that Microsoft acknowledged in February and April.

“I’d actually call this a moderate month,” said Andrew Storms, director of security operations at nCircle Security. “Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn’t look like a huge month to me.”

By the numbers, however, next week’s updates will be huge. Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.

via networkworld.com.

No surprise that there are a lot of updates (11) and that there is something critical for just about everybody!

Microsoft Security Bulletin Advance Notification issued: April 8, 2010

Microsoft Security Bulletins to be issued: April 13, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010.

via Microsoft Security Bulletin Advance Notification for April 2010.

Microsoft today announced it will issue an emergency security update for Internet Explorer IE tomorrow to patch a zero-day vulnerability that has been used to launch drive-by attacks for at least several weeks.

Tuesday’s update will be the second out-of-band update — Microsoft’s term for one outside its normal once-each-month Patch Tuesday — in the last three months.

via http://www.networkworld.com/news/2010/032910-microsoft-to-patch-ie-zero-day.htm

Out of the 13 advisories this month, administrators are advised to patch MS10-006, MS10-009, MS10-013, MS10-015, and MS09-012 immediately. Machines with Microsoft Office installed should also be patched for MS10-003 and MS10-004 as soon as possible. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.

As always, eEye suggests that users roll out Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity.

via eEye Digital Security .

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer… The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.

EEye recommends immediate installation of the patch.

via eEye Digital Security .

Out of the 6 patches this month, three are client-side specific, and 3 are remote network vulnerabilities. Administrators should patch MS09-072, MS09-0071, and MS09-073 immediately. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.

via Security bulletin from eEye Digital Security .

Looks like 13 bulletins, 8 of them critical, and something for everyone…   Microsoft Security Bulletin Advance Notification for October 2009.