April’s humongous Microsoft Patch Day is live.
As expected, Microsoft released a record-breaking 17 security bulletins today, fixing nine Critical and eight Important flaws in Internet Explorer (IE), Windows, Office, and some development packages.
Some highlights from the bulletins include:
- Updates for Windows’ SMB client and server. Trojans, bots, and worms tend to leverage these types of SMB flaws to self-propagate, so I consider the SMB updates a high priority.
- A Windows DNS client vulnerability. An attacker on your network could send specially crafted DNS responses that allow him to gain control of your computer.
- A GDI+ patch. A malicious image could allow an attacker to take control of your computer due to a flaw in a Windows image handling component.
- And many more…
With so many Critical updates, it’s hard to say which to install first. I recommend you follow the priority recommended in Microsoft’s summary bulletin.
We’ll post more detailed alerts about these flaws, and how to fix them, shortly. — Corey Nachreiner, CISSP