Microsoft plans to release 11 security bulletins April 13, repairing 25 vulnerabilities in Windows, Microsoft Office and Exchange.
In its patch Advance Notification Service, Microsoft said five of the bulletins are rated critical. The 25 vulnerabilities affect all versions of Windows, including the latest version, Windows 7.
Jerry Bryant, senior security communications manager for the Microsoft Security Response Center, said the software giant will address two publicly known issues. A VBScript issue with Internet Explorer will be repaired. An advisory on the issue was issued March 1. The flaw could allow an attacker to run arbitrary code by tricking a user to browse to a malicious Web page and press the F1 key to access Windows Help files in Internet Explorer.
A denial of service vulnerability in the Server Message Block (SMB) protocol will also be addressed, Bryant said.
Microsoft issued an emergency bulletin March 30, repairing a zero-day vulnerability in Internet Explorer and nine other IE fixes. The zero-day vulnerability affected IE 6 and 7 and was being publicly targeted in the wild. The other fixes rolled into the bulletin address remote code execution and information disclosure flaws. Most were critical, including three Internet Explorer 8 vulnerabilities.