The seven security bulletins will address 25 vulnerabilities, noted Angela Gunn with Microsoft Trustworthy Computing. “We recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible”, Gunn added.
IT administrators should focus on Bulletin 3, which addresses critical flaws in “many different operating systems”, advised Andrew Storms, director of security operations with nCircle. He predicted that the bulletin on IE would plug holes identified in this year’s Pwn2Own hackers’ contest.
Paul Henry, security and forensic analyst with Lumension, noted that four of the bulletins will require a restart. Including the Patch Tuesday fixes, Microsoft has issued 35 security patches this year, compared with 99 total patches last year, he explained.
Reviewing the critical bulletins, Wolfgang Kandek, chief technology officer with Qualys, commented: “Bulletin 1 is for a vulnerability in Windows rated 'moderate' on XP, but 'critical' on all other versions of Windows including Windows 7. Bulletin 2 brings a new version of Internet Explorer (6, 7, 8, 9 depending on operating system) that include the fixes for the attack disclosed at the Pwn2Own contest in March. Bulletin 3 is an update to the .NET Framework, again applicable to all versions of Windows currently supported.”