The Redmont software giant Microsoft today announced it will ship next week 13 new security patches that will fix 22 vulnerabilities in its applications Visio, Internet Explorer, and Visual Studio, including its Windows 7 OS. The upcoming Tuesday update lineup exceeds last month’s patch count but matches the total vulnerabilities to be fixed.
Andrew Storm, nCircle Security’s director of security operations, said the that 22 vulnerability fixes are not large and is more in the” medium range” but adds that while this is expected based on previous patch releases, the number of flaws being fixed has increased with “a new baseline…being drawn this year.”
In June, Microsoft released 16 patches to fix 34 known bugs and in April, it released 17 patches to fix 64 flaws. Two of the 13 patches recently released are considered “critical” by Microsoft, registering the highest threat rating in a 4-step ranking system. Nine fixes were rated “important” and the rest considered “moderate.”
According to Storm, the Internet Explore update came across the board as one of the two critical items, with details posted in its monthly notification. Experts are most likely to recommend that users apply the relevant IE fix first as client-bugs carry top priority. The patches this Tuesday will apply to all IE versions, including the latest IE9 which received it first critical fix in June, just 3 months after being released.
The other critical patches target the latest iteration of its server-run Windows Server 2008 and Server 2008 R2, as well as its 8-year old Server 2003 though Microsoft rated the update for the older version as important, rather than critical. But it was the update on Windows 7 and Server 2008 R2 which are the company’s latest client and server apps that is receiving more attention, according to Strom. And of the other patches, five will not apply for Windows XP, the 10-year old OS that Microsoft has been pushing into retirement since the release of its Windows 7.
Tuesday’s patchworks will also update Net framework and Visual Studio 2005, the technical drawing apps in the Office Suite, as well as its development toolset. Visio 2003 was already patched last month to protect it from DLL load hacking and the latest patches will address still unpatched Visio features in the 2003, 2005 and 2010 iterations.