The second Tuesday of the month is soon upon us, and just as we had expected, Microsoft has published an advance notification of the security bulletins users can expect to receive for their operating systems when the time comes. And we got some news for you: this month's Patch Tuesday is not going to be the lightest of updates.

Yep, that time of the month is about to come again. As most people would already be aware, Microsoft follows a strict schedule when it comes to delivering security patches, and that 'strict schedule' means that every single patch that the Redmond giant is capable of churning out will be released in one go on a specific day every month, hence the name Patch Tuesday.

And if you are already preparing your Windows PC to receive the next wave of security updates from Microsoft when the day comes, chances are you may be interested to find out more about the patches and the kind of problems they are supposed to fix before actually deploying them. Which is exactly what Microsoft has done with its Security Bulletin Advance Notifications, which has been updated with information about this month's Patch Tuesday.

In a nutshell, there will be a total of 17 patches for next Tuesday's update which will be used to fix a whopping 64 security vulnerabilities across a wide variety of Microsoft software products. And the bad news is that a good number of these bulletins have been marked as 'critical', for they are designed to plug various holes in the operating system that could potentially allow for remote code execution. Of note, however, is Security Bulletin #1, which is designed to plug a hole in Internet Explorer from version six to eight. 

Bulletin ID Maximum Severity Rating and Vulnerability Impact Restart Requirement
Affected Software

Bulletin 1

Critical
Remote Code Execution

Requires restart

Microsoft Windows,
Internet Explorer

Bulletin 2

Critical
Remote Code Execution

Requires restart

Microsoft Windows

Bulletin 3

Critical
Remote Code Execution

Requires restart

Microsoft Windows

Bulletin 4

Critical
Remote Code Execution

May require restart

Microsoft Windows

Bulletin 5

Critical
Remote Code Execution

May require restart

Microsoft Windows

Bulletin 6

Critical
Remote Code Execution

May require restart

Microsoft Windows,
Microsoft Office

Bulletin 7

Critical
Remote Code Execution

Requires restart

Microsoft Windows

Bulletin 8

Critical
Remote Code Execution

May require restart

Microsoft Windows

Bulletin 9

Critical
Remote Code Execution

Requires restart

Microsoft Windows

Bulletin 10

Important
Remote Code Execution

May require restart

Microsoft Office

Bulletin 11

Important
Remote Code Execution

May require restart

Microsoft Office,
Microsoft Server Software

Bulletin 12

Important
Remote Code Execution

May require restart

Microsoft Office

Bulletin 13

Important
Remote Code Execution

May require restart

Microsoft Windows

Bulletin 14

Important
Remote Code Execution

May require restart

Microsoft Developer Tools and Software

Bulletin 15

Important
Information Disclosure

Requires restart

Microsoft Windows

Bulletin 16

Important
Remote Code Execution

May require restart

Microsoft Windows

Bulletin 17

Important
Elevation of Privilege

Requires restart

Microsoft Windows

 

According to a blog post by Peter Voss, a senior response communication manager for Microsoft Trustworthy Computing, the aforementioned bulletin will patch both the S.M.B Browser issue which was first publicly announced way back in February this year, along with the MHTML vulnerability that was first raised in January. While the S.M.B hole is rated at critical, Voss claims that there has been no known attacks made against Windows and Internet Explorer made through this vulnerability, and that it is the MHTML vulnerability that has seen limited, small-scale attacks. However, as the MTHML vulnerability was previously closed in the form of a security advisory released in late January, it has been given an 'Important' rating instead of the typical 'Critical'.

Voss has also confirmed that the various bulletins will be made available for download via Windows Update on April 12 at approximately 10pm PDT.

Source: Microsoft TechNet, Microsoft Security Response Centre