|13 Apr 2010||#1|
| || |
April 2010 Security Bulletin Release
Today, as part of our monthly security update cycle, we are releasing11 security bulletins to address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate. This month’s release affects Windows, Microsoft Office, and Microsoft Exchange. Additionally, the Malicious Software Removal Tool (MSRT) was updated to include Win32/Magania.
Our guidance on deployment priority is that customers should consider MS10-019, MS10-026, and MS10-027 as the top priority bulletins for April. We do however recommend that customers deploy all security updates as soon as possible.
The Severity and Exploitability Index slide gives an aggregate view of the overall risk and impact or each bulletin.
We continue to encourage customers to upgrade to the latest operating systems to benefit from the increased security protections provided by these platforms. Understanding that no software is perfect, the table below demonstrates the reduced impact of the April security bulletins on operating systems that have benefitted from the Security Development Lifecycle (SDL):
This month we are closing out the following to Security Advisories. Please note that while these issues have been open, we have not seen any active attacks against them in our extensive monitoring of the threat landscape.
· Microsoft Security Advisory (981169) - Vulnerability in VBScript Could Allow Remote Code Execution (MS10-022).
· Microsoft Security Advisory (977544) - Vulnerability in SMB Could Allow Denial of Service (MS10-020).
There is one additional item I want to mention concerning the April security updates. MS10-021 is a Windows Kernel update. You may recall that the last Kernel update, MS10-015, exposed some systems that were infected with the Alureon rootkit. For MS10-021, and for all of our Kernel updates going forward, we have included detection logic for unusual conditions or modifications to the Windows Kernel binaries. If such conditions are detected, the update will return an error to the user and fail to install. Customers who see this error should contact our Customer Service and Support team for help determining if you have malware on your system.
Additional details about this month’s bulletins can also be found on the Security Research & Defense team blog.
As always, Microsoft encourages system administrators to join the monthly technical webcast to learn more about the April 2010 security bulletin release. Registration information:
· Date: Wednesday, April 14, 2010
· Time: 11:00 a.m. PDT (UTC -8)
· Registration: http://msevents.microsoft.com/CUI/We...tID=1032427721
Also, another reminder that we recently announced a new corporate Twitter account for security response communications. You can follow the team for late breaking news and updates on the threat landscape here: @MSFTSecResponse.
Group Manager, Response Communications
*This posting is provided "AS IS" with no warranties, and confers no rights*
|My System Specs|
|Similar help and support threads for2: April 2010 Security Bulletin Release|
|Microsoft security bulletin for April 9 2013||Security News|
|May 2010 Security Bulletin Release||News|
|Microsoft Security Bulletin Summary for April 13, 2010||System Security|
|April 2010 Bulletin Release Advance Notification||News|
|March 2010 Security Bulletin Release||News|
|February 2010 Security Bulletin Release||News|
|January 2010 Security Bulletin Release||News|