Microsoft Issues Five Security Updates

One week after issuing the out-of-cycle ANI cursor flaw patch, Microsoft released five additional security updates to fix eight vulnerabilities as part of its monthly Patch Tuesday cycle. Redmond also corrected problems that last week's emergency patch caused customers.

Three of the security updates to the Windows operating system were rated critical. Hackers could use the vulnerabilities to install malicious code on a victim's PC. The fourth update addresses a vulnerability in Microsoft's Content Management Server software.

Davis Marcus, a security research and communications manager for McAfee Avert Labs, said the Microsoft Content Management Server vulnerability and the Windows Client/Server Runtime Subsystem (CSRSS) vulnerability are of particular concern.

"Both of these can result in remote code execution on affected systems," Marcus explained in a statement. "Combined with the popularity of browser or Web-based attack vectors, these vulnerabilities can be particularly dangerous. Consumers and enterprises should take these vulnerabilities very seriously and employ a risk-based management approach to make sure they are properly protected."

ANI Once Again?

The critical ANI cursor flaw patch, which fixed a problem in the way Windows handled animated cursor files, was added to April's Patch Tuesday mix.

According to Microsoft's security blog, last week's patch caused problems with some third-party applications, including TUGZip, a free file-archiving utility, and CD-Tag, a program that turns CDs into digital audio files. But some security researchers believe the ANI issue is far from over.

"While Microsoft fixed the ANI vulnerability last week, a new Vista vulnerability has emerged and was addressed, leading experts to believe that this is the beginning of the weaknesses that we will see this year with Vista and that Microsoft's reuse of code from previous versions of Windows can weaken Microsoft's new Security Development Lifecycle," said Amol Sarwate, manager of the vulnerability research lab at Qualys.

Changing Landscape

Meanwhile, update MS07-021 addresses the...