March 11, 2012, 8:51 AM —
Microsoft yesterday said it would ship six security updates next week, only one critical, to patch seven vulnerabilities in Windows and a pair of for-developers-only programs.
This year's March Patch Tuesday will feature three more updates and three more patches than the same month in 2011, but will fix fewer bugs than the March roster in each of the years 2008-2010, according to records kept by Andrew Storms, director of security operations at nCircle Security.
One of the six updates was tagged "critical," the highest threat ranking in Microsoft's four-label system, while four were marked "important," the second-level rating, and the sixth as "moderate." One of the important updates, as well as the sole critical one, will patch bugs that Microsoft confirmed could be exploited by attackers to compromise PCs and plant malware on victimized machines.
Storms tried to parse the limited information Microsoft revealed in the advance notification for Patch Tuesday but came up mostly empty. "Overall, there's not much to go on here as we look to be back to lower numbers on a down month," said Storms during an instant message interview.
Storms was referring to Microsoft's habit of issuing a higher number of updates in even-numbered months.
In February, for example, Microsoft released nine security updates -- called "bulletins" in its parlance -- that patched 21 vulnerabilities.
Based on what Microsoft disclosed yesterday, Storms and other security experts pegged "Bulletin 1," the single critical update, as the one most users should apply first.