Eight April patches from Microsoft

By Shaun Nichols on Apr 10, 2008 6:46 AM
Filed under Software

Microsoft has released its latest security update package and there are five critical fixes in this month's update.

The April edition of 'Patch Tuesday' fixes flaws in Windows, Office and Internet Explorer. Five of the patches address vulnerabilities that Microsoft has rated 'critical'.

Two of the critical patches addressed issues found in Internet Explorer. The patches included a remote code execution vulnerability in the browser itself and another patch for the ActiveX plugin used to connect the browser with Yahoo's Music Jukebox service.

Among the other critical fixes is a flaw in Office's handling of Project files, which could allow an attacker to remotely execute code on a target system.

The company also issued a fix for a pair of vulnerabilities in Office's Visio component, which were both rated as 'important'.

The remaining four patches addressed issues with Windows. Among them a privilege elevation flaw in Windows 2000, XP, Server 2003, Vista, and Server 2008. Other patches included a remote code execution flaw in the VBSript/Jscript component, a DNS spoofing flaw, and a remote code execution vulnerability in the handling of EMF and WMF image files.

McAfee security research and communications manager Dave Marcus said that the update should once again serve as a warning to users of the dangers that lurk on the web.

"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website, a favourite attack method among cybercriminals,” said Marcus.

"In such drive-by downloads an attacker places malware onto a vulnerable computer without the user noticing it. This malware most often targets various types of identity information of the victim."

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Promo

Eight April patches from Microsoft
 
 
 
 
 
Top Stories
Perth MSP saves $120,000 by switching its rig to Nutanix
First Perth MSP to choose hot hyperconverged vendor.
 
 
Sydney MSP exec accused of $1.7m fraud
ICAC targets IT manager for alleged payments to his own company.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
What's the best way to deal with phoenix businesses?



Latest Comments
CRN Magazine

Issue: 340 | July 2015

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.