Microsoft releases April security update package

Posted by Wolfgang Gruener

Redmond (WA) – Microsoft today released previously announced security updates as part of its monthly update cycle. A total of 12 software updates are available, including five critical security patches.

The security updates cover Security Bulletins MS07-017 to MS07-021, all of which address remote code execution threats. In detail the updates patch vulnerabilities in Microsoft’s GDI, Content Management Server, Universal Plug and Play, Agent as well as in the in Windows Client/Server Run-time Subsystem (CSRSS).  Another “important” security update is recommended to resolves a vulnerability in the Windows Kernel that could allow an attack to elevate user rights – install programs, view, change, or delete data or create new accounts with full user rights.

All patches are offered through Microsoft’s Software Update Services (SUS).

Microsoft has also released a new version of the Malicious Software Removal Tool, which is distributed as a separate download on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Six non-security related updates have become available as well, four of which have been posted on Microsoft Update (MU) and Windows Server Update Services (WSUS); two updates are available through Windows Update (WU) and the firm’s Software Update Services.