Microsoft Releases Eight Security Patches for April

On April 14, 2009, Microsoft issued eight security patches addressing 23 flaws in total, a number of which potentially allow hackers to launch attacks on people's computers from remote areas.

Together the security updates close a series of loopholes in the security arrangements of Microsoft Office, Windows, Microsoft Internet Security and Acceleration Server, and Internet Explorer (IE). Of the 8 security bulletins issued, 5 are deemed "critical," suggesting that it is possible for attackers to exploit the related flaws to execute arbitrary software onto affected PCs. Besides, 2 are declared less severe and are ranked "important" while 1 is rated as "moderate."

Moreover, the Microsoft patch load contains two patches for Microsoft Office that fixes zero-day flaws already being exploited online. Say experts that a particular serious security update among the Microsoft bulletins repairs a critical bug in Microsoft Excel. This bug was first noticed in February 2009 with which malicious attackers could execute an assault by delivering a distorted Excel file to the end-user. Once the end-user viewed the malformed file, it could enable the attacker to install malicious code and run it on the computer after it is logged-on.

Yet other Office bulletin takes care of an attack code active in Office Text Converters and WordPad that was first noticed during December 2008. This code allowed hackers to take advantage of the vulnerability, provided a user accessed a contaminated file delivered through e-mail. Thus, if the infected WordPad or Word document is viewed, a malicious code could be executed that may lead to the hacking of the machine.

Meanwhile, Microsoft's bulletin also repairs an earlier reported critical IE bug with which an attacker could run malicious code provided a user opens a hostile web page in his browser.

Besides this, the update bundle contains a patch that addresses yet another critical flaw that enables execution of arbitrary code remotely in Microsoft DirectX, which also abused a malevolent video file or website to allow the hacker to gain the same log-on privileges as that of the end-user.

Eventually, the last critical vulnerability is a Windows HTTP utility problem with which an attacker could hack into a system after installing a malicious code remotely.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 4/20/2009