Microsoft released six security updates for April, rating five of them as critical. Here's a brief description of each update; for more information, go to
http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx
MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution
This update addresses several vulnerabilities, some of which have been made public. Some of the vulnerabilities could be used to take control of an affected computer. This bulletin was released on April 3 rather than as part of the normal Microsoft update release cycle. This bulletin replaces bulletins MS06-001, MS06-054, and MS05-002.
Applies to: Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
Recommendation: The fact that Microsoft released this update early indicates the severity of the problem it addresses. If you haven't deployed this update already, you should accelerate testing and deployment of this update on vulnerable systems.
MS07-018: Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution
This update addresses a remote code execution vulnerability and a cross-site scripting and spoofing vulnerability. An attacker who is able to exploit this vulnerability might be able to install programs or modify data on the affected computer.
Applies to: Microsoft Content Management Server 2001 SP1 and Content Management Server 2002 SP2
Recommendation: Although Microsoft rates this update as critical, the vulnerabilities it addresses haven't been publicly disclosed. If your organization uses the affected versions of Content Management Server, you should test these updates and deploy them promptly.
MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution
This update addresses a vulnerability in Windows XP's Universal Plug and Play service. An attacker on the same subnet could send a specially crafted HTTP request that could be used to take control of an affected system.
Applies to: Windows XP
Recommendation: Although Microsoft rates this update as critical, the vulnerability that it addresses has not been publicly disclosed. It also applies only if the attacker is on the same subnet as the target computer. You should promptly test and deploy this update on vulnerable systems.
MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
This update addresses a remote code execution vulnerability in Microsoft Agent. The attack is of an indirect nature because it requires a user to visit an attacker's Web site.
Applies to: Windows 2000, Windows XP, and Windows Server 2003
Recommendation: Although Microsoft rates this update as critical, the vulnerability hasn't been publicly disclosed. You should promptly test and deploy this update on vulnerable systems.
MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution
This update addresses vulnerabilities in the Windows Client/Server Run-time Subsystem. An attacker could create an application that exploits this vulnerability to allow remote control of an affected system.
Applies to: Windows 2000, Windows XP, Windows Server 2003, and Windows Vista
Recommendation: Microsoft rates this update as critical because the details of this vulnerability have been publicly reported. You should accelerate testing and deployment of this update on vulnerable systems.
MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
This privilege elevation vulnerability in the Windows Kernel could be exploited to take control of an affected system. Exploiting this vulnerability requires that the attacker have direct access to the computer. This bulletin replaces MS06-049.
Applies to: Windows 2000, Windows XP, and Windows Server 2003. The 64-bit editions of these OSs aren't vulnerable.
Recommendation: Microsoft rates this bulletin as important. You should test and deploy this update as part of your normal patch management cycle.
