Microsoft plans to issue six bulletins next week, including four critical bulletins that address both server-side flaws and serious vulnerabilities in all versions of Windows, Internet Explorer and its .NET Framework.
In addition, the software giant’s April 2012 Patch Tuesday Advance Notification includes two bulletins that address flaws in Forefront United Access Gateway (UAG) 2010 and Microsoft Office 2003, 2007 and 2010.
Microsoft said its server-side update affects SQL Server 2000, 2005 and 2008; the Microsoft BizTalk Server; and Microsoft Commerce Server 2002, 2007 and 2009. Developer software, specifically Microsoft Visual FoxPro 8 and 9 and Visual Basic 6 runtime, is also affected. The updates may require a restart, Microsoft said, as will the updates affecting Windows and Internet Explorer.
The Internet Explorer updates affecting IE versions 6 through 9 will be the highest priority, according to Wolfgang Kandek, CTO of Redwood Shores, Calif.-based vulnerability management vendor Qualys Inc. Writing on the Qualys blog, Kandek said the server-side software update could pose a challenge to patching administrators.
The bulletins will be released April 10, 2012, at approximately 1:00 p.m. ET.
In addition to Microsoft, Adobe Systems Inc. indicated that it will release updates April 10 affecting Adobe Reader and Adobe Acrobat. In its Adobe April 2012 Prenotification Security Advisory, the San Jose, Calif.-based software maker said its update also affects users of Adobe Reader X.
Adobe advised Windows users of Adobe Reader and Acrobat 9.5 and earlier that the updates have a Priority Rating of 1, meaning that the update resolves vulnerabilities being targeted by attackers or at a higher risk of being targeted by exploits in the wild.