Eight April patches from Microsoft

By Shaun Nichols on Apr 10, 2008 6:46 AM
Filed under Software

Microsoft has released its latest security update package and there are five critical fixes in this month's update.

The April edition of 'Patch Tuesday' fixes flaws in Windows, Office and Internet Explorer. Five of the patches address vulnerabilities that Microsoft has rated 'critical'.

Two of the critical patches addressed issues found in Internet Explorer. The patches included a remote code execution vulnerability in the browser itself and another patch for the ActiveX plugin used to connect the browser with Yahoo's Music Jukebox service.

Among the other critical fixes is a flaw in Office's handling of Project files, which could allow an attacker to remotely execute code on a target system.

The company also issued a fix for a pair of vulnerabilities in Office's Visio component, which were both rated as 'important'.

The remaining four patches addressed issues with Windows. Among them a privilege elevation flaw in Windows 2000, XP, Server 2003, Vista, and Server 2008. Other patches included a remote code execution flaw in the VBSript/Jscript component, a DNS spoofing flaw, and a remote code execution vulnerability in the handling of EMF and WMF image files.

McAfee security research and communications manager Dave Marcus said that the update should once again serve as a warning to users of the dangers that lurk on the web.

"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website, a favourite attack method among cybercriminals,” said Marcus.

"In such drive-by downloads an attacker places malware onto a vulnerable computer without the user noticing it. This malware most often targets various types of identity information of the victim."

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Eight April patches from Microsoft
 
 
 
 
 
Top Stories
End of the road: 10 major channel failures of 2014
The year was not without its casualties.
 
Telstra in $857m blockbuster Pacnet acquisition
Asian data centre and telecoms provider has 220 retail and wholesale partners.
 
Deals done: 10 top acquisitions of 2014
Who bought who, and for how much?
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Who had more wins in 2014?

Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.