Microsoft prepping 17 patches for 64 holes

Microsoft will release 17 bulletins next week to fix 64 vulnerabilities across a swath of products including Windows, Office, and Internet Explorer, the company said in its Patch Tuesday preview.

Of the bulletins, nine are rated "critical" and eight are "important," the company said in a TechNet blog post today.

In addition to all versions of Windows; IE6, IE7, and IE8; numerous versions of Office for Windows and the Mac, affected software includes Visual Studio .NET and Visual C++, according to the advisory.

"This month we'll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (Critical) issue publicly disclosed Feb. 15. Microsoft assessed the situation and reported that although the vulnerability could theoretically allow Remote Code Execution, that was extremely unlikely. To this day, we have seen no evidence of attacks," the company said in its blog post.

"We are also planning a fix for the MHTML vulnerability in Windows, rated Important," the post said. "We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January. In March, we updated the advisory to let people know we were aware of limited, targeted attacks."

The release represents a large number of bulletins and vulnerabilities addressed at one time for Microsoft. The company issued 17 bulletins in December and plugged a record 49 holes in October.

"Microsoft is planning to release 17 bulletins and a whopping 64 CVEs (Common Vulnerabilities and Exposures) this month, a new CVE record," said Andrew Storms, director of security for nCircle. "That seems like a huge number of bugs but it's actually about what we expected. Ever since the middle of last year Microsoft's bulletin releases generally hit double digits every other month."