Eight April patches from Microsoft

By Shaun Nichols on Apr 10, 2008 6:46 AM
Filed under Software

Microsoft has released its latest security update package and there are five critical fixes in this month's update.

The April edition of 'Patch Tuesday' fixes flaws in Windows, Office and Internet Explorer. Five of the patches address vulnerabilities that Microsoft has rated 'critical'.

Two of the critical patches addressed issues found in Internet Explorer. The patches included a remote code execution vulnerability in the browser itself and another patch for the ActiveX plugin used to connect the browser with Yahoo's Music Jukebox service.

Among the other critical fixes is a flaw in Office's handling of Project files, which could allow an attacker to remotely execute code on a target system.

The company also issued a fix for a pair of vulnerabilities in Office's Visio component, which were both rated as 'important'.

The remaining four patches addressed issues with Windows. Among them a privilege elevation flaw in Windows 2000, XP, Server 2003, Vista, and Server 2008. Other patches included a remote code execution flaw in the VBSript/Jscript component, a DNS spoofing flaw, and a remote code execution vulnerability in the handling of EMF and WMF image files.

McAfee security research and communications manager Dave Marcus said that the update should once again serve as a warning to users of the dangers that lurk on the web.

"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website, a favourite attack method among cybercriminals,” said Marcus.

"In such drive-by downloads an attacker places malware onto a vulnerable computer without the user noticing it. This malware most often targets various types of identity information of the victim."

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Promo

Eight April patches from Microsoft
 
 
 
 
 
Top Stories
HP enterprise services restructure could cost $2bn
But overall split is forecast to be cheaper than expected.
 
Huawei gets Canberra Raiders cycling for cancer
Vendor gives up jersey space for fundraiser at NRL game.
 
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Should Australian companies be given preference for government contracts?

Latest Comments
CRN Magazine

Issue: 338 | May 2015

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.