Microsoft plans gigantic Patch Tuesday next week

Computerworld - Microsoft today said it will deliver 10 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint.

The patches will also quash two bugs that Microsoft acknowledged in February and April.

"I'd actually call this a moderate month," said Andrew Storms, director of security operations at nCircle Security. "Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn't look like a huge month to me."

By the numbers, however, next week's updates will be huge. Although the 10 updates fall short of the record of 13 -- first set in October 2009, then repeated in February 2010 -- Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.

Microsoft has been shipping alternating large and small batches of fixes, with the larger-sized updates landing in even-numbered months. In May, for example, the company issued just two bulletins that patched two vulnerabilities. April's collection, meanwhile, amounted to 11 bulletins that fixed 25 flaws.

The monthly advance notification spelled out the patches expected to appear next Tuesday.

Of the 10 updates, Microsoft labeled three as "critical," the highest threat ranking in the company's four-step system. The seven remaining patches have been pegged as "important," the next step down from critical. Two of the three critical updates will address issues in Windows, while the third will tackle Internet Explorer (IE).

All six updates affecting Windows will impact Microsoft's newest operating system, Windows 7. And with one exception -- Windows 2000 and Windows XP will not need Bulletin 9 -- all currently-supported versions of Windows will require all the patches.

"There's no safe harbor this month," said Storms.