Eight April patches from Microsoft

By Shaun Nichols on Apr 10, 2008 6:46 AM
Filed under Software

Microsoft has released its latest security update package and there are five critical fixes in this month's update.

The April edition of 'Patch Tuesday' fixes flaws in Windows, Office and Internet Explorer. Five of the patches address vulnerabilities that Microsoft has rated 'critical'.

Two of the critical patches addressed issues found in Internet Explorer. The patches included a remote code execution vulnerability in the browser itself and another patch for the ActiveX plugin used to connect the browser with Yahoo's Music Jukebox service.

Among the other critical fixes is a flaw in Office's handling of Project files, which could allow an attacker to remotely execute code on a target system.

The company also issued a fix for a pair of vulnerabilities in Office's Visio component, which were both rated as 'important'.

The remaining four patches addressed issues with Windows. Among them a privilege elevation flaw in Windows 2000, XP, Server 2003, Vista, and Server 2008. Other patches included a remote code execution flaw in the VBSript/Jscript component, a DNS spoofing flaw, and a remote code execution vulnerability in the handling of EMF and WMF image files.

McAfee security research and communications manager Dave Marcus said that the update should once again serve as a warning to users of the dangers that lurk on the web.

"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website, a favourite attack method among cybercriminals,” said Marcus.

"In such drive-by downloads an attacker places malware onto a vulnerable computer without the user noticing it. This malware most often targets various types of identity information of the victim."

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Eight April patches from Microsoft
Related Listings
 
 
 
 
 
Top Stories
 
10 things we learned this week
Dick's chic Move, how Microsoft Finnish-ed Nokia and more family time for $1.29m.
 
100 Android apps, 150m downloads exposed to Heartbleed
Affected apps include chart toppers in the Google Play store.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Latest Comments
Polls
Are Chromebooks ready for the enterprise?

CRN Magazine

Issue: 325 | March 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.