Microsoft will issue 16 patches Tuesday, 9 of them critical

The monthly Patch Tuesday will be a big one: Microsoft plans 16 patches for Windows, Internet Explorer, Office and other products, nine of them rated critical.

All nine critical patches fix flaws that could allow remote code execution, and most will require a restart to apply the patch. Four of the critical patches affect Windows only, two affect Windows and Internet Explorer, one affects Windows plus the .NET Framework, one affects Windows plus the .NET Framework and Microsoft Silverlight, and one other critical patch affects only the Forefront Threat Management Gateway.

The critical patches run the gamut from Windows XP to Vista and Windows 7, as well as Windows Server 2003 and 2008.


While critical patches fix vulnerabilities that "could allow the propagation of an Internet worm without user action," the other seven patches are all rated important, one step below critical. The seven important patches fix flaws that could lead to information disclosure, remote code execution, elevation of privileges and denial of service attacks. The important patches affect Windows, Office, SQL Server, and Visual Studio.

The total of 16 patches is one shy of the record of 17 security updates, set in both April 2011 and December 2010. The 16 patches cover a total of 34 vulnerabilities, well short of the record 64 flaws patched in April 2011.

Microsoft typically alternates the size of Patch Tuesdays: one month is big and the next is small. True to form, last month's release featured only two security bulletins targeting three vulnerabilities. Not only is this month's Patch Tuesday a large one, Microsoft will also release a new version of the Windows Malicious Software Removal Tool.

"From the 16 advance bulletins we saw today, it is clear that Microsoft is back to its typical practice of being very disruptive on Patch Tuesday," security analyst Paul Henry of Lumension wrote in a quick analysis. "This will be a long hot summer for IT professionals and there is just no room to slow down. There was a large number of bulletins, nine of which are critical and the vast majority directly require a reboot. This disruption comes in the wake of several high profile security breaches over the past month."

Prominent security breaches include the Citigroup credit card breach and Sony's ongoing problems, while even Apple's Mac OS X computers, long considered safe because of their low market share, are being targeted by malware. 

Windows users: get ready for a big update. 

Follow Jon Brodkin on Twitter.


Copyright © 2011 IDG Communications, Inc.
