Posted by Virus Bulletin on Apr 11, 2007
Fix for earlier .ani patch and another Vista issue included in batch.
Five out of six vulnerabilities patched by Microsoft yesterday, in April's 'Patch Tuesday' monthly security update, are labelled 'critical' and can be used to execute remote code on victim machines.
Four of the five affect Windows core systems, while the fifth only affects the Content Management Server. The sixth flaw, labelled only 'Important', is in the Windows kernel itself, and could allow a local user to escalate privileges. Two of the more serious flaws, including the animated cursor vulnerability and another involving CSRSS, also affect the latest version of Windows, Windows Vista. The patch for the .ani flaw, released out-of-cycle last week after much media attention and widespread exploitation, has been updated to resolve clashes with some third-party software.
As usual, users are urged to apply the patches as soon as possible to ensure their machines are safe from exploitation of these vulnerabilities. Several other known vulnerabilities, including some in the widely used Microsoft Word and other Office products, remain unpatched and users should continue to exercise caution when visiting untrusted websites.
More details of the latest batch of fixes can be found in the Microsoft Security Bulletin and a Security Response blog entry.