News

Five 'Critical' Patches Planned for Tuesday

After some comparatively light patch rollouts in past months, Microsoft's April Patch Tuesday promises a fuller slate with eight security bulletins.

After some comparatively light patch rollouts in past months, Microsoft's April Patch Tuesday promises a fuller slate with eight security bulletins. Five are rated "critical" and two "important," with one rare "moderate" patch.

This month's round of security updates may have the most girth of any since October. The rollout is expected to include hotfixes for Windows programs and services, DirectX, and ubiquitous Microsoft applications such as Internet Explorer (IE), Excel and Word. All of the critical items have remote code execution implications. The important items are designed to stop two instances of elevation-of-privilege incursions. Finally, the moderate patch protects against denial-of-service attacks.

Critical Fixes
The first critical bulletin is described as a Windows fix and affects Windows 2000, XP and Windows Server 2003. Meanwhile, the second critical Windows patch touches on all supported Windows client and server OSes.

The third critical fix deals with the DirectX versions 8.1 and 9.0 running on Windows 2000, XP and Windows Server 2003. DirectX consists of application programming interfaces used for multimedia on Windows-based PCs, including game, video and audio applications.

The fourth critical fix expected on Tuesday will update IE versions 5.01, 6 and 7 running on Windows 2000, XP and Vista, as well as Windows Server 2003 and Windows Server 2008. IE has been at the center of recent hacker activity affecting older versions of the browser, plus the recent IE 8.

The fifth critical bulletin to come will fix Excel, affecting Microsoft Office 2000, 2003, 2007 and XP, along with Office 2004 and 2008 for Macs. Security analysts speculate that this Excel fix could be related to a hole in the popular spreadsheet app for which Microsoft issued a security advisory in February. That advisory warned users that exploits were in the wild, potentially affecting all supported versions of Excel.

Important and Moderate Items
The first important fix for this month will pertain to Microsoft's Distributed Transaction Coordinator (MSDTC). The MSDTC is a Windows-based administrative tool that acts as a conduit for information and commands passed over the network via resource managers, SQL Server databases and various other file systems. This fix updates the MSDTC facility program across every supported Windows OS. It's designed to block hackers from infiltrating a system and upping their administrative privileges to change MSDTC configurations, Microsoft says.

The second important fix will affect Microsoft's Forefront Edge Security platform and the Internet Security and Acceleration (ISA) Server. ISA is a server application deployed to stave off malware and firewall-compromising attacks. This fix is supposed to deflect a denial-of-service onslaught where hackers can change access control parameters and lock enterprise administrators out of these programs.

Finally, the lone moderate item in the rollout will affect all Windows OSes and is designed to circumvent elevation-of-privilege attacks.

All of the eight patches may require restarts.

IT pros interested in nonsecurity updates channeled through Windows Update, Microsoft Update and Windows Server Updates can find support in this Knowledge Base article. It provides guidance on IE 8 system updates, along with junk-mail filter upgrades and malicious software removal tool tweaks.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Subscribe on YouTube