Microsoft has just announced the patches that are scheduled to be released on Tuesday, April 9. The information is available at http://technet.microsoft.com/en-us/security/bulletin/ms13-apr .
A total of 9 patches are scheduled to be released. Two of the patches are classified as CRITICAL and the remaining 7 are classified as IMPORTANT for workstation OSs and MODERATE for Server OSs. The patches apply to just about all current Microsoft Windows OS, Internet Explorer versions, MS Office Suite products and also Microsoft Defender for Windows 8. As CRITICAL bulletin #1 applies to all current versions of Internet Explorer and is identified as a remote code execution vulnerability, there is a high probability that the ISO recommendation will be to patch workstations as soon as possible, and that server systems be patched as time allows following adequate testing.
Update April 9 3:00 pm.
Microsoft and other IT Security resources (https://isc.sans.edu/) have recently provided additional details on the scope of the patches that are being released on April 9. While both patches designated as CRITICAL address a remote code execution vulnerability for all Windows Workstation OSs, prior to April 9, no specifics had been made available to the public. Further, as of this day, no proof of concept code has been identified for either of the CRITICAL vulnerabilities. However, as the vulnerability identified in http://technet.microsoft.com/en-us/security/bulletin/ms13-028 can be exploited in all current versions of Internet Explorer, it is recommended that the April patches be applied to workstations as soon as possible.
The second patch identified as CRITICAL ( http://technet.microsoft.com/en-us/security/bulletin/ms13-029 ) , only applies to versions 6.1 and 7.0 of Remote Desktop Connection in Windows workstation operating systems. The vulnerability in Remote Desktop Connection is classified as MODERATE for server systems that run versions 6.1 or 7.0.
The ISC.SANS.EDU site also indicates that patches are being released on April 9 for the following products:
- Adobe ColdFusion http://www.adobe.com/support/security/bulletins/apsb13-10.html
- Adobe Flash Player http://www.adobe.com/support/security/bulletins/apsb13-11.html
- Adobe AIR http://www.adobe.com/support/security/bulletins/apsb13-11.html
- Adobe ShockWave player http://www.adobe.com/support/security/bulletins/apsb13-12.html