Microsoft has released its Security Advisory for April, which includes 11 updates to address 25 vulnerabilities. Impacting popular Microsoft products such as Windows, Microsoft Office and Microsoft Exchange, the software maker deemed five updates 'critical', another five are considered 'important' and one was ranked 'moderate'.
"Microsoft recommends that customers deploy all security updates as soon as possible. However, Microsoft's guidance on deployment priority is that customers should consider MS10-019, MS10-026 and MS10-027 as the top priority bulletins for April," the company stated in a press released about the security bulletin.
According to Microsoft, MS10-019 "affects all version of Windows". The company explains that "the issue would allow an attacker to alter signed executable content (PE and CAB files) without invalidating the signature".
MS10-026 is a critical update on Windows 2000, XP, Server 2003 or Server 2008, but does not affect Windows 7, Windows Server 2008 R2 or Itanium devices of Windows Server 2008 and Windows Server 2003, Microsoft says. The vulnerability addressed by this update "could be triggered simply by visiting a Web page hosting a specially crafted AVI file that began streaming when the page loads," Microsoft says.
And MS10-027 addresses a vulnerability that could be exploited by simply visiting a specially crafted web page, and the update affects only Windows 2000 and Windows XP users.
With this raft of updates, Microsoft also asked the customres on platforms nearing end of support to update to the latest service pack or the more recent operating systems to continue to get security updates from the software maker.
According to Microsoft, Windows XP Service Pack 2 will no longer be supported after July 13, 2010 and extended support for Windows 2000 will also be retired on that date. And Windows Vista RTM will no longer be supported after this April 13, 2010 bulletin release, while Service Pack 1 will be supported until July 12, 2011.