Go to Home Page   IT ServiceLink IT ServiceLink Telephone us on 01206 235000
About us

Software Development
       Legacy Software Maintenance
       Project Life Cycle
       Bespoke Software Development
       Corporate Hosting
       Business Process Automation
       DotNetNuke (DNN) CMS Website Package
       Search Engine Optimisation (SEO)
          SEO Website Survey Report
          SEO Blog
       Nesox Email Marketing
       e-Commerce Services

IT Infrastructure
       Hardware Supply
       Software Supply
       IP Telephony
          Avaya
          Swyx
          Avaya Case Study
          Swyx Case Study 1
          Swyx Case Study 2
       Security Products
          BorderWare
          Kaspersky
             Kaspersky Open Space
             Kaspersky Case Study
       Networking
          Draytek

Professional Services
       Customer Relationship Management (CRM)
          ACT! By Sage
          Microsoft Dynamic 3.0
       IT Infrastructure Optimisation
       IT Security Planning
       Business Continuity Management (BCM)
       Digital Sealing

IT Support Services
       Network Management
       Virtual IT Department
       IT Help Desk
       IT Support Framework
       IT Security Updates
          Microsoft Bulletins
             Archive
                July 2009
                Emergency Patch Release July 2009
                August 2009
                September 2009
                October 2009
                November 2009
                December 2009
                Emergency Patch Release January 2010
                January 2010
                February 2010
                Emergency Patch Release March 2010
                March 2010
                April 2010
                May 2010
                June 2010
                July 2010
                August 2010
                September 2010
                October 2010
                November 2010
                December 2010
                January 2011
             February 2011
             March 2011
             April 2011
             May 2011
             June 2011
             July 2011
             August 2011
             September 2011
             December2011
             January 2012
       Disaster Recovery

Contact us
  Home >> IT Support Services >> IT Security Updates >> Microsoft Bulletins >> Archive >> April 2010 08 February 2012  
Patch Tuesday April 2010

Microsoft have released eleven bulletins for this month's Patch Tuesday.

Five of these bulletins are rated as Critical. A further five are rated as Important and one with a Moderate rating.

These bulletins all relate to Microsoft Operating Systems and Office software. The majority of the supported operating systems are affected this month; Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008. All patches either need a system reboot or may need a system reboot.

As usual, these patches address fundamental issues relating to vulnerabilities in the operating system or software which could be used by attackers to compromise your systems.

There is also one major cumulative update since the last Patch Tuesday for every version of Internet Explorer that Microsoft supports. It fixes a total of 10 security holes, some of which allow remote code execution, others which could let the attacker retrieve data they should not. There are also a number of non-security fixes. You should install this patch immediately if you have not yet done so (MS10-018, KB980182).

Another import consideration this month is for Windows Vista. The original release of Vista is no longer supported by Microsoft so updates will no longer be offered. If you are not currently running SP1 or SP2 then we strongly advise you consider upgrading, with the usual precautions on updating operating systems, to ensure Vista can receive updates and be supported.

There are a number of viruses and malware that could exploit these vulnerabilities making them a real threat if left open by giving attackers the ability to compromise your systems.

Our usual advice is…

  • Ensure that the critical patches are deployed to all Windows desktop and server operating systems and Software, where appropriate, immediately.
     
  • Ensure that all Anti-virus and Malware blocking software packages are fully up to date, and properly configured firewalls are in place within your environment.
     
  • Update your Operating systems with the latest round of Critical patches as soon as possible (MS10-019, MS10-020MS10-025, MS10-026, MS10-027)
     
  • Contact us if you require any further advice or guidance on 01206 235000

As always, some consideration is needed in order to evaluate any risks depending on whether you have the relevant affected environment. More details on these patches is given in the table below with links to the relevant Microsoft Knowledge base articles.

Table 1: Details of MS Patches released Tuesday 13/04/2010

MS Link ITSL Summary Severity Affected Software Restart after patch

MS10-019

KB981210

 A signature verification system vulnerability can allow remote code execution attacks, which are not mitigated by lower user permissions. Please install this patch as soon as possible.

Critical

 Windows 2000, XP, Vista, 7, 2003, 2008 & 2008R2

Yes

MS10-020

KB980232

 This patch fixes a problem where an attacker could send a remote code execution attack. You will need to install this patch immediately, because the attacker could get full access privileges regardless of the victim’s permission level.

Critical

 Windows 2000, XP, Vista, 7, 2003, 2008 & 2008R2

Yes

MS10-021

KB977165

 This patch addresses a number of reported vulnerabilities in Microsoft Windows. The attacker would need to be logged on in order to exploit them however. Install the patch during your next patch cycle.

Important

 Windows 2000, XP, Vista, 7, 2003, 2008 & 2008R2

Yes

MS10-022

KB981169

 This is the fix for an already disclosed F1 key problem. The severity of this is not critical, since it requires a user to perform certain actions under certain circumstances to be exploited. Install the patch during your next patch cycle.

Important

 Windows XP, Vista, 7, 2003, 2008 & 2008R2

May require restart

MS10-023

KB981160

 If you are using Microsoft Publisher, this patch fixes a remote code execution exploit. Install this for everyone who uses Publisher.

Important

 Microsoft Publisher 2002, 2003, 2007 May require restart

MS10-024

KB976323

 A bug in the SMTP server system could allow denial of service attacks. Install this patch on any servers running SMTP.

Important

 2000, XP, 2003, 2008, 2008 R2, Exchange 2000, Exchange 2003, Exchange 2007, Exchange 2010

Yes

MS10-025

KB980858

 Windows Media Services on Windows Server 2000 can allow remote code execution attacks. Install this patch immediately on those servers.

Critical

 Windows Server 2000

Yes

MS10-026

KB977816

 This patch protects against remote code execution attacks from maliciously crafted AVI files, or streamed malicious MPEG-3 encoded media.  User accounts with lowered permissions may mitigate the risks slightly, but not necessarily. Install this patch immediately to protect against this.

Critical

 Windows 2000, XP, 2003, 2008, Vista

May require restart

MS10-027

KB979402

 This is another Windows Media Player vulnerability.  Very similar to MS10-026. Install this patch as soon as you can.

Critical

 Windows 2000, XP

May require restart

MS10-028

KB980094

 This remote code execution exploit is triggered by opening malicious Visio files. The attacker should get the user’s rights, so lowered privileges might help to prevent some damage. Install for Visio users as soon as you can.

Important

 Visio 2002, Visio 2003, Visio 2007

May require restart

MS10-029

KB978338

 A lack of filtering capabilities (included in later versions of Windows) allows an attacker to spoof an IP address; this patch fixes it. Update your systems with this patch during your next patch cycle.

Moderate

 Windows XP, Vista, 2003, 2008

Yes

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Rating Definition
Critical A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
Moderate Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.

 

We also offer...


Accessibility  |  Privacy  |  Terms Of Use  |  Site Map

A Microsoft Certified Partner © Copyright 2009-2011 IT ServiceLink LTD A Microsoft Small Business Specialist