Microsoft has released 17 security bulletins fixing a total of 64 vulnerabilities in its monthly security update for April.
In the largest update for 2011 so far, nine bulletins are rated critical and eight bulletins are rated important. As expected, IT administrators will have their hands full because all Windows operating systems and all versions of Office are affected.
"This month's Patch Tuesday is not only a record for 2011, it's a record-breaker for Microsoft, considering the December 2010 Patch Tuesday's 17 patches addressed only 40 vulnerabilities and the October update's 16 patches addressed only 49 vulnerabilities," says Dave Marcus, director of security research at McAfee Labs.
"Sixty-four vulnerabilities is a very large amount, so organisations should be prepared," Dave Marcus says.
The top of the priority list is MS11-018, a bulletin for Windows Internet Explorer that addresses two vulnerabilities already being used by attackers in the wild to gain control over machines, says Wolfgang Kandek, chief technology officer at Qualys.
"We recommend deploying this patch immediately," Wolfgang Kandek says.
Next on the priority list, says Kandek, is MS11-020, a server-side vulnerability in the SMB protocol.
Attackers can send a specially crafted packet to a server running this file-sharing service and take control of the machine.
"The exploitability index is a low '1', meaning attackers will have little difficulty in reverse engineering the exploit, once they have the patch for MS11-020 in hand," says Kandek.
Companies that make SMB accessible over the internet are especially at risk, he says, but the main attack opportunity is going to be inside enterprise networks, once an attacker has established a presence on the network, for example, through one of the more frequent client-side vulnerabilities in browsers, browser plug-ins or applications.
The MS11-019 vulnerability also affects the SMB protocol, but this time on the client side, says Kandek.
"This typical attack vector is an e-mail that contains a link to an external malicious file server. The client opens the file which responds with malicious content and then gains control over the client workstation," he says.
Microsoft also shipped a fix for the MHTML vulnerability in Windows.
This vulnerability has seen a number of attacks since it was first disclosed by Google on 11 March. Microsoft had previously addressed it with a "Fix-it" script that locked down the MHTML protocol inside of Windows Explorer and Internet Explorer.
"As in all months, IT administrators should review all remaining bulletins for applicability to their environments, but this month this is especially important with such a large number of vulnerabilities," says Kandek.
In addition to the Microsoft updates, IT security professionals will have to take note of the security advisory from Adobe warning of a critical vulnerability in Adobe Flash that is being used in the wild to attack workstations.
"As all current attacks use a Flash file embedded in Microsoft Word, we recommend looking into the possibility of disabling Flash content in Word files altogether through the Trust Center, as described in this Microsoft Tech Document," says Kandek.