In association with heise online

14 April 2010, 09:48

Microsoft's April Patch Tuesday offers 11 updates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft Logo As part of its regular update cycle, Microsoft has released five critical, five important and one moderate risk update to fix security holes in Windows, MS Office and Exchange. The most prominent among them is the "F1 hole" in the VBScript engine for which exploits are already available online.

However, the company has also rated holes in Microsoft Office Publisher, in Visio, in the MP3 codec and in the Media Player and Services with an exploitability index of 1. This means that Microsoft's security experts anticipate that dangerous exploit code is very likely to appear in the near future.

While the critical patch for the SMB client addresses a total of five security holes, some of which were already previously disclosed, Microsoft anticipates that potential exploits for this hole will remain unreliable. A similar rating applies to the two security holes in the Authenticode verification modules for checking digital file signatures.

As anticipated, Microsoft has not yet included an update for the cross-domain problem in Internet Explorer disclosed in February. Irrespective of this, Windows users and administrators should ensure that the updates are installed as soon as possible to avoid exposing systems to unnecessary threats. Those who haven't yet installed the available Service Packs for Vista and XP are advised to immediately install them. The official support of Windows Vista without Service Pack ends today; the support for Windows XP Service Pack 2 will expire on the 13th of July 2010.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit