Microsoft has published advanced notice of April’s patch Tuesday which wil contain 17 updates (which Microsoft calls “bulletins”) with fixes for a mammoth 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer and Microsoft Developer Tools.
Nine of the bulletins are marked as critical and some of the updates will require a system restart. The big question is if Microsoft will fix the now imfamous MHTML bug? Regular readers of Live Hacking will be familiar with the ongoing saga with the MHTML vulnerability in Windows. Discovered in January, Microsoft failed to fix the problem in its February and March security updates and left ALL Windows users (from XP onwards) vulnerable to specially crafted web pages designed to exploit the security hole.
The good news is that according to a Microsoft Security Response Center blog Microsoft will indeed now patch this hole.
We are also planning a fix for the MHTML vulnerability in Windows, rated Important. We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January. In March, we updated the advisory to let people know we were aware of limited, targeted attacks.
These updates are scheduled for Tuesday April 12, at approximately 10 a.m. PDT. Microsoft’s monthly technical webcast is scheduled for Wednesday, April 13 at 11 a.m. PDT, and the registration can be found here.