Yesterday was Patch Tuesday, and Microsoft released eight security bulletins that addressed 21 vulnerabilities, 10 of which were rated as critical. This was the largest update since October 2008, when Microsoft patched Windows, IE, Word and Excel. The patches addressed the following vulnerabilities:
MS09-009 (Critical) Vulnerabilities in Microsoft Office Excel could cause remote code execution.
MS09-010 (Critical) Vulnerabilities in WordPad and Office Text converters could allow remote code execution.
MS09-011 (Critical) Vulnerability in Microsoft DirectShow could allow remote code execution.
MS09-012 (Important) Vulnerabilities in Windows could allow elevation of privilege.
MS09-013 (Critical) Vulnerabilities in Windows HTTP service could allow remote code execution.
MS09-014 (Critical) Cumulative security update for Internet Explorer.
MS09-015 (Moderate) Blended threat vulnerability in SearchPath could allow elevation of privilege.
MS09-016 (Important) Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Business Edition) could cause denial of service.
The patches can be downloaded by using Windows Server Update Services or Software Update Service.
As with all patches that Microsoft or any other vendor releases, these should be tested in a non-production environment to understand their impact. I often get asked about the Important or less important patches. My opinion is that all patches should be evaluated. In today's environments that are 24x7, you need to test all patches when they are released, critical or not. There's a reason they're being released.