Fix for earlier .ani patch and another Vista issue included in batch.
Five out of six vulnerabilities patched by
Microsoft
yesterday, in April’s ‘Patch Tuesday’ monthly security update, are labelled ‘critical’ and can be used to execute remote code on victim machines.
Four of the five affect
Windows
core systems, while the fifth only affects the
Content Management Server
. The sixth flaw, labelled only ‘Important’, is in the
Windows
kernel itself, and could allow a local user to escalate privileges. Two of the more serious flaws, including the
animated cursor vulnerability
and another involving CSRSS, also affect the latest version of
Windows
,
Windows Vista
. The patch for the .ani flaw,
released out-of-cycle
last week after much media attention and widespread exploitation, has been updated to resolve clashes with some third-party software.
As usual, users are urged to apply the patches as soon as possible to ensure their machines are safe from exploitation of these vulnerabilities. Several other known vulnerabilities, including some in the widely used
Microsoft Word
and other
Office
products, remain unpatched and users should continue to exercise caution when visiting untrusted websites.
More details of the latest batch of fixes can be found in the
Microsoft Security Bulletin
,
here
, and a
Security Response
blog entry,
here
.
Posted on 11 April 2007 by
Virus Bulletin
Leave a Reply