April Microsoft Updates

Well, it’s that time of the month again; the second Tuesday of the month (well, yesterday anyway), and Microsoft has some updates that you need to make sure you have installed. A critically rated vulnerability, as you may remember from other articles, is the highest level of severity given to a vulnerability and it should be dealt with immediately.

With that in mind, it has been a busy 30 days for the software giant (Microsoft), as three critically rated Internet Explorer and general Windows flaws have been exposed. All of these flaws allow an attacker to execute remote code, potentially taking control of the end-user’s PC. There is also an important-rated flaw pertaining to Outlook Express, as well as a moderately rated vulnerability for FrontPage (Web design program) server extensions. All of these are risks I think most of you don’t need to worry about, but it doesn’t hurt to let you know about them.

I would hope that most of you have your Windows set to at least warn you of new Windows updates. If you are unsure, you can check this by right-clicking on “My Computer” and selecting the Automatic Updates tab. Here you will see all of your Windows update settings. Since this update requires a reboot, you should notice an alert that pops up telling you that you have updates that require a restart in order to take effect. After a reboot, your system will be patched and these critical vulnerabilities will be thwarted.

Below, I have created a simple table of links out to Microsoft Bulletins regarding the critically rated vulnerabilities. If you would like some more specific information, check them out.

| Bulletin Identifier | Bulletin Title |
| --- | --- |
| Microsoft Security Bulletin MS06-013: This is actually a cumulative patch covering a number of critical vulnerabilities including the newly discovered address bar spoofing vulnerability that is pretty scary. | Cumulative Security Update for Internet Explorer (912812) |
| Microsoft Security Bulletin MS06-014: This is a vulnerability in the RDS.Dataspace ActiveX control, which can allow an attacker to execute remote code and take complete control of your system. | Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
| Microsoft Security Bulletin MS06-015: This is a Shell vulnerability that affects users who visit specially crafted Web sites. It allows an attacker to execute remote code by taking control of the user’s system. | Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |

So, remember to make sure you have April’s updates, because they are no joke. Until next week, stay safe out there.

~ Chad Stelnicki