Released on Tuesday 13th April 2010, this month’s set of security bulletins from Microsoft to guard against potential vulnerabilities affects Windows, Microsoft Office, and Microsoft Exchange. The 11 security bulletins address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate.
MS10-019, 026 & 027 warrant particular mention as they affect server workloads running on All versions of Windows, 2003/2008 and Windows 2000 respectively. The security risks inherent within these updates should not be overlooked as they remedy potential security exploitation on these operating systems.
MS10-019: remedies an issue where an attacker could potentially alter signed executable content (PE and CAB files) without invalidating the signature.
MS10-026: remedies an issue where a specially crafted AVI file could trigger remote code execution.
MS10-027: similar to 026, remedies and issue with Windows Media player which could allow remote code execution if opening specially crafted content on a remote web site.
The Deployment Priority, Severity and Exploitability Index and Summary of affected software for each bulletin are covered in more detail within the official Microsoft monthly presentation slides below:
As usual, as a UKFast customer, you benefit from updates being applied automatically unless you have opted out of this service.