"Remember Conficker" should be Microsoft's slogan of the month for April, rallying people to remember that millions of computers were infected with Conficker simply because one patch wasn't installed. Why's that significant? Microsoft's April update schedule has fixes for seven "Conficker wannabes"?
"If you manage workstations this will be a busy month. Microsoft encourages us to act quickly with the bold note on many of the updates: "This vulnerability is currently being exploited in the Internet ecosystem." This is the strongest language I've seen on any of the comments in the new Exploitability Index since Microsoft began using it last October. Not only is exploit code likely but it's in the wild."
TechRepublic's Justin James kindly defined each of the critical patches in his post, "It's Windows Patch Tuesday: April 2009" and described several additional patches that aren't carrying MS's critical rating.
Being an anal IT security person, I thought it best to point out which patches covered vulnerabilities that have zero-day (already in the wild) exploits. Those are MS09-009, MS09-010, and MS09-012. So if it's not possible to install all of the updates right away, please focus on those three.
Next are the updates that fix vulnerabilities with released malcode, but aren't active exploits as of this writing. Those are MS09-013, MS09-014, MS09-015, and MS09-016. Those should be next on the list to install.Final thoughts
Hopefully, the number of critical patches didn't catch anyone off guard, with everyone scheduling enough time to test, install, and reboot. Good luck.
TechRepublic's IT Security e-mail newsletter (delivered every Tuesday) is a great way to keep on top of security issues related to Information Technology. Please make sure to sign up.
Michael Kassner is currently a systems manager for an international company. Together with his son, he runs MKassner Net, a small IT publication consultancy.