April Patch Tuesday roundup

Patch Tuesday has again come and gone and Microsoft’s new OS, Vista, has again been patched–for the second time this month, to be exact. Of the five security bulletins released this month, four have been rated “critical” by the company. The patches repair eight vulnerabilities in various versions of Windows and Microsoft Content Management Server. Here’s a brief rundown of the fixes:

  • MS07-018 (Critical): Fixes two bugs in Microsoft’s Content Management Server; a remote code execution vulnerability and a flaw that could allow cross-site scripting attacks.
  • MS07-019 (Critical): A remote code execution vulnerability in the Universal Plug and Play service. Can be used to run unsigned code on the local machine.
  • MS07-020 (Critical): Remote code execution bug that places Windows users at risk of URL-based attacks.
  • MS07-021 (Critical): Fixes three CSRSS bugs in Windows, could allow an attacker to gain complete control of a user’s machine. Exploit code for these attacks is publicly available.
  • MS07-022 (Important): Patches a Windows kernel flaw that could allow privilege elevation attacks.

And what a lovable bunch of patches they are. Need some motivation to get cracking? Check out today’s “Security Alert.”

For more on the patches:
– see this ZDnet article

More stories about Vulnerabilities   Software Patches   Software News   Patches   Microsoft Windows   Security  


Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

What is 28 + 1?
To combat spam, please solve the math question above.