Patch Tuesday: VBScript and SMB patches at last

Stephen Withers
Friday, 09 April 2010 10:49

Business IT - Security

25 vulnerabilities will be patched by Microsoft next Tuesday, including the SMB issue disclosed last November.

Microsoft is set to release 11 security bulletins addressing 25 vulnerabilities this month. They cover Windows, Office and Exchange.

Nine of the bulletins concern Windows, and all currently-supported versions of the operating system (2000, XP, Vista, Windows 7, Server 2003, and Server 2008) have at least two critical issues. One of them appears to be the VBScript 'help' issue that was publicly disclosed at the end of February but not fixed in time for March's Patch Tuesday.

Another may be the SMB vulnerability that was publicly disclosed in November 2009, but as it allows denial of service rather than remote code execution, it could be given a lower severity rating.

The two Office bulletins relate to the versions of Publisher and Visio that are part of Office XP, 2003 and 2007. Both are rated important.

The Exchange bulletin is rated important for Exchange Server 2003 only, However, Microsoft is recommending that users of Exchange Server 2000, 2007 and 2010 apply the update "as a defence-in-depth measure."

Microsoft intends to release the updates on April 13, US time.