News

Five 'Critical' Patches Planned for Tuesday

After some comparatively light patch rollouts in past months, Microsoft's April Patch Tuesday promises a fuller slate with eight security bulletins.

After some comparatively light patch rollouts in past months, Microsoft's April Patch Tuesday promises a fuller slate with eight security bulletins. Five are rated "critical" and two "important," with one rare "moderate" patch.

This month's round of security updates may have the most girth of any since October. The rollout is expected to include hotfixes for Windows programs and services, DirectX, and ubiquitous Microsoft applications such as Internet Explorer (IE), Excel and Word. All of the critical items have remote code execution implications. The important items are designed to stop two instances of elevation-of-privilege incursions. Finally, the moderate patch protects against denial-of-service attacks.

Critical Fixes
The first critical bulletin is described as a Windows fix and affects Windows 2000, XP and Windows Server 2003. Meanwhile, the second critical Windows patch touches on all supported Windows client and server OSes.

The third critical fix deals with the DirectX versions 8.1 and 9.0 running on Windows 2000, XP and Windows Server 2003. DirectX consists of application programming interfaces used for multimedia on Windows-based PCs, including game, video and audio applications.

The fourth critical fix expected on Tuesday will update IE versions 5.01, 6 and 7 running on Windows 2000, XP and Vista, as well as Windows Server 2003 and Windows Server 2008. IE has been at the center of recent hacker activity affecting older versions of the browser, plus the recent IE 8.

The fifth critical bulletin to come will fix Excel, affecting Microsoft Office 2000, 2003, 2007 and XP, along with Office 2004 and 2008 for Macs. Security analysts speculate that this Excel fix could be related to a hole in the popular spreadsheet app for which Microsoft issued a security advisory in February. That advisory warned users that exploits were in the wild, potentially affecting all supported versions of Excel.

Important and Moderate Items
The first important fix for this month will pertain to Microsoft's Distributed Transaction Coordinator (MSDTC). The MSDTC is a Windows-based administrative tool that acts as a conduit for information and commands passed over the network via resource managers, SQL Server databases and various other file systems. This fix updates the MSDTC facility program across every supported Windows OS. It's designed to block hackers from infiltrating a system and upping their administrative privileges to change MSDTC configurations, Microsoft says.

The second important fix will affect Microsoft's Forefront Edge Security platform and the Internet Security and Acceleration (ISA) Server. ISA is a server application deployed to stave off malware and firewall-compromising attacks. This fix is supposed to deflect a denial-of-service onslaught where hackers can change access control parameters and lock enterprise administrators out of these programs.

Finally, the lone moderate item in the rollout will affect all Windows OSes and is designed to circumvent elevation-of-privilege attacks.

All of the eight patches may require restarts.

IT pros interested in nonsecurity updates channeled through Windows Update, Microsoft Update and Windows Server Updates can find support in this Knowledge Base article. It provides guidance on IE 8 system updates, along with junk-mail filter upgrades and malicious software removal tool tweaks.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.