April '10 Patch Tuesday: 11 Bulletins, 25 Vulnerabilities
On the 13th of April, the second Tuesday of the month, Microsoft will release a grand total of 11 security bulletins as part of the Patch Tuesday program. This is quite a big security patch, especially compared with last month’s Patch Tuesday – March ’10 Patch Tuesday contained just 2 security bulletins that addressed 8 vulnerabilities.
The 11 security bulletins that Redmond-based software giant Microsoft will be rolling out this Tuesday address a total of 25 vulnerabilities. These vulnerabilities plague the Windows operating system, the Microsoft Office productivity suite, and the collaborative application product Microsoft Exchange.
SPONSORED LINKS
Out of the 11 security bulletins, 5 are rated as critical – they allow for remote code execution and affect the Windows operating system. 5 other bulletins are rated as important, an the remaining 1 bulletin is rated moderate. To help customers prepare for this month’s Path Tuesday, Microsoft has published an advance notification here.
At the start of March, a proof of concept that shows how arbitrary code can be run on a targeted machine by using VBScript in an .HLP file has been publicly posted. A person with malicious intent could lure an unsuspecting user to a specially crafted webpage; once on the webpage, if that user is pushed into pressing F1, it could lead to remote code execution. This issue, which is detailed in Security Advisory 981169, has not been addressed during the March Patch Tuesday, but it will be addressed by the April Patch Tuesday.
Back in November, the first Windows 7 vulnerability came to light. This is a Denial-of-Service (DoS) vulnerability that affects the Server Messaging Block (SMB) Protocol - SMBv1 and SMBv2. Credit for discovering this vulnerability goes to esearcher Laurent Gaffié who says the exploit could allow a person with malicious intent to emotely crash Windows 7 (and/or Windows Server 2008 R2) on a LAN or via IE. This vulnerability, which is detailed in Security Advisory 977544, will also be plugged this Patch Tuesday.
On the 13th of April, the second Tuesday of the month, Microsoft will release a grand total of 11 security bulletins as part of the Patch Tuesday program. This is quite a big security patch, especially compared with last month’s Patch Tuesday – 