Microsoft released five critical patches on Tuesday as part of its latest Patch Tuesday update. The release also included three bulletins over security flaws rated by Redmond as "important".

The worst of the quintet is a flaw in ActiveX. This update also includes a kill bit for the Yahoo! Music Jukebox product, the topic of a proof of concept exploit. Proof that the security bug can be misused makes it a higher risk than the other four critical updates.

Observers such as the SANS Institute's Internet Storm Centre (ISC) think Microsoft has underestimated the seriousness of its three important updates. The ISC reckons a flaw that leaves Windows DNS clients vulnerable to spoofing because of entropy in a random number generator is better thought of as critical.

It also considers an input validation vulnerability in the windows kernel that allows privilege escalation, and multiple input validation vulnerabilities in Visio that might allow code injection, to be worse risks than Redmond cares to acknowledge.

The Microsoft April Patch Tuesday summary can be found here. ISC's easier to understand Black Tuesday Overview is here.

In other patching news, Adobe pushed out a patch on Tuesday to addresses multiple vulnerabilities in Adobe Flash Player. Users are advised to update to version 9.0.124.0 of Adobe Flash to guard against potential code injection and cross site scripting risk.

Adobe's bulletin can be found here. Security notification firm Secunia has published a more readable overview here. ®

Related stories

• Microsoft ramps up vuln ActiveX controls cull (15 August 2008)
• MS issues eleventh hour Snapshot bug workaround (8 July 2008)
• Microsoft Patch Tuesday promises seven fixes (6 June 2008)
• Updated Attack code in the wild targets new (sort of) Adobe Flash vuln (27 May 2008)
• Apple unleashes monster patch batch on Mac faithful (19 March 2008)
• Critical Outlook and Excel bugs star in March Patch Tuesday (12 March 2008)
• Cisco hops onto patching treadmill (6 March 2008)
• Mystery web infection grows, but cause remains elusive (16 January 2008)
• Microsoft plugs 'critical' hole in Vista (8 January 2008)
• Fight malware by upgrading to Vista, urges MS (23 October 2007)
• Exploit Wednesday follows Patch Tuesday Word update (11 October 2007)