Microsoft Corp. has released four security fixes it deems critical as part of its regularly scheduled software update, the patches also correct a few problems caused by last week's emergency patch.
Microsoft Security Bulletin Summary for April 2007 This bulletin summary lists security bulletins released for April 2007.
Microsoft has confirmed that they will not wait until April's "Patch Tuesday" to release a fix correcting a critical flaw in Windows Animated Cursor Handling, which affects most versions of their operating systems. The exploit, which results in a crash-restart-crash loop, is triggered by a buffer overflow in an animated cursor file.
Animated cursors could prove risky for Windows users, warns Microsoft. The software giant is investigating reports that the way Windows handles alternatives to the traditional arrow cursor can leave PCs open to attack. By booby-trapping a website or e-mail attachment with code that exploits the flaw, malicious hackers could hijack a Windows PC. Microsoft warned users to be wary of attachments and urged them to update security software to combat the threat.
Microsoft is to release twelve patches next week to fix a variety of issues in Windows, Office, Visual Studio, and several other applications. At least five of these patches will be rated "critical."
5 Updates for 32bit and 64bit versions of Vista have been released by microsoft. They are available via the built-in Windows Update client. (KB930857), (KB928089), (KB929427), (KB931573) & (KB929735)
Microsoft Corp. released three security patches for its prevalent Office line of software and one for the Windows operating system on Tuesday, fixing holes that could let an outsider take control of an unwitting victim's computer. Two of the Office vulnerabilities and the Windows hole were deemed critical, the company's highest threat level. The fourth, rated "important," affects only versions of Office with a Brazilian Portuguese grammar analyser. One of the critical vulnerabilities can be found in Microsoft's latest Web browser, Internet Explorer 7. But none affect Microsoft's new Office 2007 or Windows Vista packages, which have been released to business customers and hit the consumer market Jan. 30. Users with Microsoft's automatic updates feature will get the patches sent to their computers. Other users should visit Microsoft's security Web pages.
Microsoft is to release 8 Security Patches for January that includes an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Centre but not on Software Update Services (SUS). As well, Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
A vulnerability in Media Player 9 and 10 can be used by attackers to grab control of a PC, security researchers warned. A malicious .asx-formatted playlist, if opened by an unsuspecting user, could completely compromise the machine. Windows XP users should upgrade to Media Player 11, or disable the .asx format, or change settings so that playlists don't automatically open within Internet Explorer.