News

Microsoft releases April trove of patches

Margie Semilof

Microsoft will release five critical and three important vulnerabilities previewed last week as part of its April rollout of security bulletins.

@50147 All of the vulnerabilities this month are end-user initiated, said Eric Schultze, chief technology officer at Shavlik Technologies LLC, in Roseville, Minn. Also notable about April's patches is that they impact Vista and Windows Server 2008 -- the first for the server since its release in late February.

In its monthly Microsoft patch notice, Microsoft said the five critical vulnerabilities, which could leave users open to remote code executions, target Office Project, Windows vis-à-vis Graphics Device Interface (GDI), VBScript and JScript scripting engines, and Internet Explorer.

Regarding the Windows desktop and server platforms, the critical vulnerability involving GDI -- MS08-021 -- will affect Windows 2000 SP4, Windows XP SP2, Windows XP Professional x64 SP2, Windows Server 2003 SP1 and 2 plus the x64-bit edition, Vista and Vista SP1, plus Windows Server 2008.

Schultze deems this particular vulnerability as the worst on the list for April. It is an image file bug that enables an attacker to take control of a system while a user is "visiting an evil website, opening an evil document or reading an evil email."

Schultze said it's the third such graphic file attack since January 2006.

The three important security bulletins touch on Windows through a spoofing vulnerability in Windows DNS clients, a vulnerability in the Windows kernel where a local attacker could gain access to an affected system, and a vulnerability in Office Visio.

An updated version of the Windows Malicious Software Removal Tool is available on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: