Microsoft Security Bulletin released for the month of April

Microsoft has released its security bulletin summary for April 2010. This month Microsoft has released 11 bulletins which comprises of 18 vulnerabilities that have been addressed.

Out of the 11 bulletins five bulletins have been rated “Critical”, five bulletins have been rated “Important” and one bulletin has been rated “Moderate”. Eight bulletins are related to “Remote Code Execution” vulnerability, one bulletin is related to “Elevation of Privilege” vulnerability, one bulletin is related to “Denial of Service” vulnerability and one bulletin is related to “Spoofing” vulnerability.

The 11 bulletins released this month provide security updates for Microsoft Windows operating system, Microsoft Office and Microsoft Exchange. Out of the 11 bulletins eight bulletins provide security updates for Microsoft Windows operating system, two bulletins provide security updates for Microsoft Office and one bulletin provides security update for both Microsoft Exchange and Microsoft Windows operating system.

The following vulnerabilities have been rated Critical:

• Bulletin MS10-019 resolves two vulnerabilities in Windows Authenticode Verification that could allow remote code execution.
• Bulletin MS10-020 resolves five vulnerabilities in Microsoft Windows operating system.
• Bulletin MS10-025 resolves vulnerability in Windows Media Services running on Microsoft Windows 2000 Server.
• Bulletin MS10-026 resolves vulnerability in Microsoft MPEG Layer-3 audio codecs.
• Bulletin MS10-027 resolves vulnerability in Windows Media Player.

The following vulnerabilities have been rated Important:

• Bulletin MS10-021 resolves two vulnerabilities in Microsoft Windows operating system.
• Bulletin MS10-022 resolves vulnerability in VBScript on Microsoft Windows that could allow remote code execution.
• Bulletin MS10-023 resolves vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file.
• Bulletin MS10-024 resolves vulnerability in Microsoft Exchange and Windows SMTP Service.
• Bulletin MS10-028 resolves two vulnerabilities in Microsoft Office Visio.

The following vulnerability has been rated Moderate:

• Bulletin MS10-029 resolves vulnerability in Microsoft Windows operating system.

For detailed information of all the bulletins and the corresponding vulnerabilities addressed, please visit Microsoft Security Bulletin Summary – April 2010 page.

I will recommend users to set Windows Update in Install updates automatically mode. So the important patches get applied automatically.