Microsoft's April Patch Tuesday offers 11 updates

As part of its regular update cycle, Microsoft has released five critical, five important and one moderate risk update to fix security holes in Windows, MS Office and Exchange. The most prominent among them is the "F1 hole" in the VBScript engine for which exploits are already available online.

However, the company has also rated holes in Microsoft Office Publisher, in Visio, in the MP3 codec and in the Media Player and Services with an exploitability index of 1. This means that Microsoft's security experts anticipate that dangerous exploit code is very likely to appear in the near future.

While the critical patch for the SMB client addresses a total of five security holes, some of which were already previously disclosed, Microsoft anticipates that potential exploits for this hole will remain unreliable. A similar rating applies to the two security holes in the Authenticode verification modules for checking digital file signatures.

As anticipated, Microsoft has not yet included an update for the cross-domain problem in Internet Explorer disclosed in February. Irrespective of this, Windows users and administrators should ensure that the updates are installed as soon as possible to avoid exposing systems to unnecessary threats. Those who haven't yet installed the available Service Packs for Vista and XP are advised to immediately install them. The official support of Windows Vista without Service Pack ends today; the support for Windows XP Service Pack 2 will expire on the 13th of July 2010.

See also:

• Microsoft Security Bulletin Summary for April 2010, security advisory from Microsoft.
• End of Support for Windows Vista RTM and recent Service Pack Support policy updates, Microsoft Support Lifecycle blog post.

(crve)