Microsoft has released details of April’s Patch Tuesday, which will address 25 issues through 11 security bulletins. The update will be released next Tuesday.
Five of the bulletins are rated as critical and address remote code execution vulnerabilities – issues that could enable an attacker to gain access to an enterprise’s PCs to plant malware or launch a denial of service attack.
The vulnerabilities affect a number of Windows operating systems, including XP, which is still widely used throughout the business world. Microsoft’s newest OS, Windows 7, also requires patching, although Wolfgang Kandek, CTO at Qualys, says that it is more secure than legacy operating systems.
“Windows 7 has less critical updates to install than the older operating systems versions, an indication that the newer version of Windows is more robust and secure out of the box,” he said.
Five other fixes in the Patch Tuesday update are rated as important and also involve remote code execution, as well as elevation of privilege and denial of service attacks. They affect Microsoft Office, Microsoft Exchange and Windows. The final patch is rated as moderate.
Alan Bentley, VP International, Lumension, says that the breadth of the updates will keep IT admins on their toes. “Overall, April’s Patch Tuesday Bulletin will address at least two critical vulnerabilities for every popular Microsoft platform in use today, so the impact will be widespread regardless of what operating systems companies are currently running.”
“This means that IT departments will have to address and patch almost every endpoint including servers, laptops and desktops in the organisation. They should be prepared this month and plan ahead as to how they are going to test and then deploy these patches with minimal interruptions to employee productivity levels,” Bentley added.