April 14 is not just the day before income tax returns are due this year. In fact, it will be the second Tuesday in the month – AKA “Patch Tuesday” if you’re Microsoft.
That means Microsoft’s security organization is readying release of the company’s monthly batch of bug fixes.
Microsoft (NASDAQ: MSFT) says in an advance notice that this month it will provide three “critical” patches for various versions of Windows, as well as one each for the Internet Explorer browser and the Excel spreadsheet. In addition, Microsoft will patch “important” security flaws in Windows and Internet Security and Acceleration Server (ISA), along with one Windows bug that is rated “moderate.”
In Microsoft lingo, “critical,” the highest vulnerability rating on the company’s four-tier severity scale, means that a user’s PC could be completely compromised without the user doing anything to trigger an attack. “Important,” the next step down from “critical,” means that personal data could be stolen and the integrity of the user’s PC could be called into question, but it usually requires that the user participate in triggering an exploit. Meanwhile, a “moderate” flaw, the third step down, is less dangerous than either a critical or an important one.
Although Microsoft does not give detailed information in its Patch Tuesday advance notifications, it’s possible that the Excel patch will fix a known security bug that didn’t get patched last month.
Hackers had already released zero-day
Meanwhile, this month’s advance notification does not mention a patch for a newly discovered zero-day in Microsoft PowerPoint that was under attack last week. The company issued a security advisory regarding the PowerPoint bug on April 2.
Microsoft makes the patches available for download on Patch Tuesday and sends out security bulletins to notify users. Windows users who subscribe to Windows Update receive the patch automatically.