Microsoft reveals more issues on Patch Tuesday
Fix for earlier .ani patch and another Vista issue included in batch.
Five out of six vulnerabilities patched by Microsoft yesterday, in April's 'Patch Tuesday' monthly security
update, are labelled 'critical' and can be used to execute remote code on victim machines.
Four of the five affect Windows core systems, while the fifth only affects the Content Management
Server. The sixth flaw, labelled only 'Important', is in the Windows kernel itself, and could allow
a local user to escalate privileges. Two of the more serious flaws, including the
animated cursor vulnerability and another involving CSRSS, also
affect the latest version of Windows, Windows Vista. The patch for the .ani flaw,
released out-of-cycle last week after much media attention and
widespread exploitation, has been updated to resolve clashes with some third-party software.
As usual, users are urged to apply the patches as soon as possible to ensure their machines are safe from
exploitation of these vulnerabilities. Several other known vulnerabilities, including some in the widely used
Microsoft Word and other Office products, remain unpatched and users should continue to
exercise caution when visiting untrusted websites.
More details of the latest batch of fixes can be found in the Microsoft Security Bulletin,
here, and a Security Response
blog entry, here.
11 April 2007
Tags:
del.icio.us 
digg this
