It's Microsoft Patch Tuesday: April 2010

Justin James gathers the information you need to make the right decision on applying Microsoft's April 2010 patches in your organization.

It is very refreshing to see that the number of out-of-band Microsoft updates has been kept to a minimum this time around! Unfortunately, we have 11 patches fixing a total of 25 security holes. Do not forget, if you are using the RTM version of Vista (one without any service packs installed), you are no longer supported and will not be offered these patches; you will need to get at least SP1 installed to have user support again.

This blog post is also available in PDF format in a free TechRepublic download. The previous month's Microsoft Patch Tuesday blog entries are also available.

Security patches

  • MS10-019/KB981210 - Critical (2000, XP, Vista, 7, 2003, 2008, 2008 R2): Problems with the Authenticode Verification system can allow remote code execution attacks, which are not mitigated by lower user permissions. Install this fix immediately. 98KB - 870KB
  • MS10-020/KB980232 - Critical (2000, XP, Vista, 7, 2003, 2008, 2008 R2): This patch fixes a problem in SMB handling where an attacker could send a specially crafted response to an SMB request that would allow a remote code execution attack. You will want to install this patch immediately, because the attacker gets full privileges regardless of the user's permission level. 235KB - 1.2MB
  • MS10-021/KB979683 - Important (2000, XP, Vista, 2003)/Moderate (7, 2008, 2008 R2): This patch addresses a number of problems. Luckily, even the worst of them requires the attacker to be logged on. Some of the problems fixed are escalation of privileges; others are denial-of-service problems. Install the patch during your next patch cycle. 1.6MB - 7.8MB
  • MS10-022/KB981169 - Important (XP, 2003)/Low (Vista, 7, 2008, 2008 R2): This is the fix for the already exploited F1 problem. The severity on this one is not critical, since it requires a user to perform certain actions under certain circumstances to be exploited. Install the patch during your usual window. 221KB - 1.1MB
  • MS10-023/KB981160 - Important (Publisher 2002, Publisher 2003, Publisher 2007): If you are using Publisher, this patch fixes a remote code execution exploit when opening specially crafted files. Install this for the folks who use Publisher. 2.9MB - 5.2M
  • MS10-024/KB976323 - Important (2000, XP, 2003, 2008, 2008 R2, Exchange 2000, Exchange 2003, Exchange 2007, Exchange 2010): A bug in the SMTP server system can allow denial-of-service attacks. Install this patch on any servers running SMTP. 434KB - 1.4MB
  • MS10-025/KB980858 - Critical (2000): Windows Media Services on Windows 2000 can allow remote code execution attacks. Install this patch immediately on those servers. 700KB
  • MS10-026/KB977816 - Critical (2000, XP, 2003, 2008)/Important (Vista): If you open a specially crafted AVI file or view a stream of malicious MPEG-3 encoded media, your system could be open to a remote code execution attack. Accounts with lower permissions may mitigate the risks slightly, but do not count on it, because the information I have read says that could be trouble. Install this patch immediately to protect against this. 159KB - 865KB
  • MS10-027/KB979402 - Critical (2000, XP): Another Windows Media Player vulnerability. Again, if you open media that has been specially crafted, remote code execution may result, with the attacker's rights hopefully being lowered by the user having lowered rights. Install the patch as soon as you can. 2.3MB
  • MS10-028/KB980094 - Important (Visio 2002, Visio 2003, Visio 2007): This remote code execution exploit is triggered by opening malicious Visio files. The attacker should get the user's rights, so lowered privileges should prevent some of the damage. Install for Visio users as soon as you can. 10.9MB - 15.5MB
  • MS10-029/KB978338 - Moderate (XP, Vista, 2003, 2008): A lack of filtering capabilities (included in later versions of Windows) allows an attacker to spoof an IPv4 address; this patch fixes it. Update your systems with this patch during your normal time for patching. 637KB - 2.9MB

Other updates

There are none to report this month.

"The Usual Suspects": Updates to the Malicious Software Removal Tool (9.8MB - 10.1MB) and Junk Email filters (2.2MB).

Changed, but not significantly:

Updates since the last Patch Tuesday

MS10-018/KB980182 - Critical (2000, XP, Vista, 7, 2003, 2008, 2008 R2): This is a giant cumulative update for every version of Internet Explorer that Microsoft supports. It fixes a total of 10 security holes, some of which allow remote code execution and others that let the attacker get data they should not. There is also a huge pile of nonsecurity fixes. You should install this immediately if you have not yet done so. 3.3MB - 40.6MB

There have been a number of minor items added and updated since the last Patch Tuesday:

Changed, but not significantly:

Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!


Justin James is the Lead Architect for Conigent.

Editor's Picks