April 2011 MS Patch Tuesday – 17 patches, 64 vulnerabilities

Patch Tuesday for January - what you need to know

Man with an eye patchMicrosoft released their security update bundle this morning covering a large swath of products. The most critical fixes for most people affect Windows and Microsoft Office.

Fifteen of the updates address Remote Code Execution (RCE) flaws. If exploited, these bugs could allow an attacker to execute arbitrary code on the victim’s system.

Fortunately, all but one of these flaws only allow the code to run in the context of the currently logged in user. Assuming your users are not running as Administrators, this limits the attack to only running code and accessing files on that user’s account.

One exception is MS11-032, a vulnerability in OpenType fonts, which allows kernel-level remote code execution. This flaw was privately disclosed and has not appeared in the wild to date.

Another long awaited fix that Microsoft delivered this month is MS11-026. I wrote about this vulnerability back in January. It is better known as the MHTML vulnerability.

The flaw in Internet Explorer 6, 7 and 8 that was used at this year’s Pwn20wn contest was also fixed. The update is known as MS11-018 and Sophos detects known malware attacking this vulnerability as Troj/ExpJS-BV.

Microsoft has rated nine of these patches as Critical, and as with most security updates, we encourage everyone to apply them as soon as they are able. SophosLabs has analyzed these bulletins as well and gives them a rating of Medium.

SophosLabs have published their findings for this months patches on our Vulnerability Analysis page.

Time to get patching! For a complete view of the threat landscape and the trends we are seeing in SophosLabs, download our 2011 Threat Report.