14 DAY TRIAL // Microsoft released a massive package of patches this month, bundling together the security bulletins targeting Windows into a single ISO image. No less than nine security bulletins released earlier this week have been packaged into the April 2010 Security Release ISO Image, which is offered for free via the Microsoft Download Center. Of course, all the security updates are also available through Windows Update and Microsoft Update, having been released on April 13th. Customers are advised to deploy all patches as soon as possible.
“As part of our monthly security update cycle, we are releasing 11 security bulletins to address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate. This month’s release affects Windows, Microsoft Office, and Microsoft Exchange,” Jerry Bryant, group manager, Response Communications, revealed. “Our guidance on deployment priority is that customers should consider MS10-019, MS10-026, and MS10-027 as the top priority bulletins for April.”
The Security Release ISO Image releases are designed to make easier the job of IT professionals that are administrating environments that lack an automated solution designed to deliver patches such as Windows Server Update Services (WSUS). Via the ISO, Microsoft is providing admins with an easy way to access and download multiple patches in all supported languages simultaneously. Of course, the downside is that the Security Release ISO Image only offers Windows updates, whereas Microsoft released patches for Office and Exchange as well earlier this week.
Windows 7, Microsoft’s latest iteration of the Windows client, is affected by only three of the security bulletins, including MS10-019, which has been deemed a priority as far as deployment is concerned. MS10-019 is rated Critical and designed to patch two vulnerabilities in Windows Authenticode Verification. Also rated Critical is MS10-020, designed to resolve a vulnerability in the SMB client, which also impacts Windows 7. MS10-021 deals with issues in the Windows Kernel, vulnerabilities that pose only a moderate risk to users, allowing only for the elevation of privileges at best, but not for remote code execution.
The April 2010 Security Release ISO Image is available for download here.