April 2011 Patch Tuesday Sets a New RecordBy: Dennis Dwyer
This month's Microsoft Patch Tuesday release set a new record. Microsoft released a total of 17 bulletins covering 64 CVEs, the largest number of patches in one month to date. While some users may have configured Windows to automatically apply updates in the background, many organizations must stage and test all patch deployments, which may seem daunting this month.
Prioritizing patch deployments may help to quickly minimize the greatest amount of risk. MS11-018, MS11-019 and MS11-020 are of critical importance and should be applied as soon as possible. MS11-018 provides a Cumulative Security Update for Internet Explorer and covers five CVEs, including CVE-2011-0094 and CVE-2011-1345, both of which are being exploited on the Internet.
MS11-019 and MS11-020 fix vulnerabilities in the Windows SMB (Server Message Block) Client and Server, respectively. Successful exploitation of these vulnerabilities in the Windows networking system may allow an attacker to execute arbitrary code on a vulnerable computer.
MS11-034 addresses the largest number of vulnerabilities in any single bulletin ever released with 30 CVEs. While this is a large number of vulnerabilities, they all result from three vulnerability types, including memory reuse errors, use-after-free errors, and NULL pointer dereference errors.
In addition to the 64 CVEs patched this month, Microsoft included two non-security updates. Microsoft released an update for the Microsoft Windows Operating System Loader (winload.exe) as well as Microsoft Office File Validation for Microsoft Office. The operating system loader was patched to prevent a method known to load unsigned drivers, a technique used by malware in the past. Microsoft Office File Validation adds welcome protections that allow a user to scan a file's internal structure before it is opened, making it easier to detect potentially malicious documents before opening them.
If you haven't yet deployed April's patches, take a moment to prioritize the patches according to the impact in your environment and apply the most important patches first. Microsoft's proposed ordering is as follows:
MS11-018, MS11-019, MS11-020, MS11-027, MS11-028, MS11-031, MS11-030, MS11-032, MS11-026, MS11-021, MS11-022, MS11-023, MS11-029, MS11-033, MS11-034, MS11-025, MS11-024