14 DAY TRIAL // Microsoft has slapped yet another security patch on Windows Vista. For the Redmond Company's most secure Widows platform to date is the second time in April when an update is available for a critical vulnerability in the operating system. Just a week away since Microsoft has released a security bulletin for a total of seven vulnerabilities impacting Windows, including Vista, the company has made available for download an additional five security bulletins as part of its monthly update cycle.
Tami Gallupe, with MSRC revealed that four out of the five security bulletins have been labeled with a maximum severity rating of Critical while the remaining one is considered Important. "In addition to today's bulletins, we've also released a hotfix to help resolve the known issues related to MS07-017 with applications detailed in Microsoft Knowledge Base Article 925902. This update is available through Windows Update (WU), Microsoft Update (MU), and Automatic Updates (AU) as a High Priority non-security update and will be offered to customers who have installed MS07-017 and also have any of the applications listed in the article," Gallupe explained.
Microsoft Security Bulletin MS07-021 - Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) is without a doubt at the forefront of Microsoft's April update release. And this because it impacts a Windows 2000, Windows XP SP2, Windows Server 2003, and Windows Vista. The update serves to patch no less than three different vulnerabilities the most relevant of which is MsgBox (CSRSS) Remote Code Execution Vulnerability - CVE-2006-6696. Microsoft has warned that a potential attacker could take complete control of an affected system by exploiting this vulnerability.
With the April security bulletins Microsoft has patched no less than 8 vulnerabilities across Windows and Content Management Server. These can be added to the seven flaws resolved on April 3, and the result spells a busy month for the Redmond Company.
- Microsoft Security Bulletin MS07-018 - Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) - Microsoft Security Bulletin MS07-019 - Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) - Microsoft Security Bulletin MS07-020 - Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) - Microsoft Security Bulletin MS07-021 - Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) - Microsoft Security Bulletin MS07-022 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)