Microsoft has released its Security Advisory for April, which includes 11 updates to address 25 vulnerabilities. Impacting popular Microsoft products such as Windows, Microsoft Office and Microsoft Exchange, the software maker deemed five updates 'critical', another five are considered 'important' and one was ranked 'moderate'.
Patch Tuesday includes 11 updates in total
Microsoft recommended in a statement that customers give priority to MS10-019, MS10-026 and MS10-027.
"Microsoft recommends that customers deploy all security updates as soon as possible. However, Microsoft's guidance on deployment priority is that customers should consider MS10-019, MS10-026 and MS10-027 as the top priority bulletins for April," the company stated in a press released about the security bulletin.
According to Microsoft, MS10-019 "affects all version of Windows". The company explains that "the issue would allow an attacker to alter signed executable content (PE and CAB files) without invalidating the signature".
MS10-026 is a critical update on Windows 2000, XP, Server 2003 or Server 2008, but does not affect Windows 7, Windows Server 2008 R2 or Itanium devices of Windows Server 2008 and Windows Server 2003, Microsoft says. The vulnerability addressed by this update "could be triggered simply by visiting a Web page hosting a specially crafted AVI file that began streaming when the page loads," Microsoft says.
And MS10-027 addresses a vulnerability that could be exploited by simply visiting a specially crafted web page, and the update affects only Windows 2000 and Windows XP users.
With this raft of updates, Microsoft also asked the customres on platforms nearing end of support to update to the latest service pack or the more recent operating systems to continue to get security updates from the software maker.
According to Microsoft, Windows XP Service Pack 2 will no longer be supported after July 13, 2010 and extended support for Windows 2000 will also be retired on that date. And Windows Vista RTM will no longer be supported after this April 13, 2010 bulletin release, while Service Pack 1 will be supported until July 12, 2011.
See also:
Comments
Cyteck said: In response- Aaron if you had actually bothered to read the technical briefings that Microsoft gave out to the public or on MS Technet you would have know that ALL current versions of the windows desktop client were affected That the risk was rated critical and because hackers exploited an obscure zero day attack vulnerability These recent patches fixed those remaining vulnerabilities in windows by effectively plugging the wholeAnd I dont know why you have such a massive hatred of Microsoft windows its rather irrational in my opinion Actually its your loss because windows 7 is top notch version of the windows OS and is dare I say so myself its even better than XP There Ive said my piece Ive been a windows user since 1989 and used literally every version of the OS
Aaron said: Oh so it doesnt affect windows 7 Smells like a plan to trick customers into buying an overrated overexpensive operating system much like the network bug that only affected old ps3s not the slim ones