April to be another big Microsoft security patch month

Microsoft plans to release eight security updates next Tuesday, five of which are rated critical by the software vendor.

The critical patches affect Windows, the VBScript programming software, Microsoft Project and Internet Explorer, which will get two updates. They will be released as part of the company's monthly software update cycle, which mandates security updates on the second Tuesday of each month.

The updates were described in general terms in a note posted Thursday to Microsoft's Web site. More details will be released Tuesday, when the patches are made available.

Two less-critical updates -- rated important by Microsoft -- are planned for Windows. A third important update is being readied for the Visio design software, the company said.

The critical Windows update -- called Bulletin 2 by Microsoft -- looks particularly important because it affects all supported versions of Windows, said Andrew Storms, director of security operations with nCircle Network Security. "This really bucks the trend for Microsoft recently. Their trend is the newer operating systems have lower criticality," he said. "It's got to be something core to the operating system in order for it to be critical all the way across the board."

The VBScript update is probably the same one that Microsoft ended up pulling at the last minute in March, he said.

With two more updates this month, Office has been keeping Microsoft's Security Response Center busy.

Last month the company patched a total of 12 bugs in four security updates. All of them were for Office products.

The IDG News Service is a Network World affiliate.