The Channel logo

News

By | John Leyden 9th April 2008 10:34

ActiveX update stars in Patch Tuesday critical quintet

It's that time of the month again

Microsoft released five critical patches on Tuesday as part of its latest Patch Tuesday update. The release also included three bulletins over security flaws rated by Redmond as "important".

The worst of the quintet is a flaw in ActiveX. This update also includes a kill bit for the Yahoo! Music Jukebox product, the topic of a proof of concept exploit. Proof that the security bug can be misused makes it a higher risk than the other four critical updates.

The other updates include a cumulative update for Internet Explorer, as well as Office and Windows fixes. Vista is as affected by these critical bugs as XP. Windows Servers are less exposed to these updates, but still need patching.

Observers such as the SANS Institute's Internet Storm Centre (ISC) think Microsoft has underestimated the seriousness of its three important updates. The ISC reckons a flaw that leaves Windows DNS clients vulnerable to spoofing because of entropy in a random number generator is better thought of as critical.

It also considers an input validation vulnerability in the windows kernel that allows privilege escalation, and multiple input validation vulnerabilities in Visio that might allow code injection, to be worse risks than Redmond cares to acknowledge.

The Microsoft April Patch Tuesday summary can be found here. ISC's easier to understand Black Tuesday Overview is here.

In other patching news, Adobe pushed out a patch on Tuesday to addresses multiple vulnerabilities in Adobe Flash Player. Users are advised to update to version 9.0.124.0 of Adobe Flash to guard against potential code injection and cross site scripting risk.

Adobe's bulletin can be found here. Security notification firm Secunia has published a more readable overview here. ®

comment icon Read 7 comments on this article alert Send corrections

Opinion

Privacy image

Frank Jennings

Two working parties, ministers galore... but data transfer law remains in limbo
EMC_Unity_bezel

Chris Evans

It does simplify the hardware setup, whatever it is
A microscopic view of the biometric shark skin. Pic: James Weaver

Chris Mellor

Do something and stop faffing about in the bush league

Kat Hall

International system in general needs greater transparency

Features

Nerd fail photo via Shutterstock
Shouting match
Single market vs. rest of the world
hacker
Mostly it's financial crime. Here's what all the cool kids' terms mean in English
Apple logo. Pic: Blake Patterson
Plenty of bumps in the 40-year road for Mac makers