Microsoft's April Security Update Includes 4 'Critical' Fixes

April's security update arrived today, packing six bulletins for 11 flaws. Four of the six fixes have been categorized as "critical" -- Microsoft's most severe level. Microsoft defines a critical security issue as "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action."

That said, IT shops may want to prioritize bulletin MS12-027, as it secures a zero-day vulnerability in the Windows Common Control that could lead to a remote code execution attack if left unpatched.

"The 'deploy now' bulletin this month is MS12-027, a bulletin affecting the Windows Common Controls," explained Andrew Storms, director of security operations at security firm nCircle. "This component is included in so many Microsoft programs it affects almost every Microsoft user on the planet."

The affected programs include versions of Microsoft Office, SQL Server, Commerce Server and some Microsoft developer tools, such as Microsoft Visual FoxPro and the Visual Basic 6.0 runtime.

Along with affecting every version of Windows, this fix should be a high priority because, according to Storms, the vulnerability has already been seen in the wild by Microsoft. The attack works when a user visits a specially crafted Web site, which assists an attacker in accessing a system and remotely installing malicious code.

While Storms argued that bulletin MS12-027 should be the top concern in Microsoft's update, other security experts, including VMware's Data and Security Team Manager Jason Miller, are informing customers that bulletin MS12-023 -- a cumulative security update for Internet Explorer -- should be taken care of first. Miller is part of VMware after that company bought Shavlik Technologies in May.

"With any browser (Microsoft or non-Microsoft), patching is always on the top of the priority list as Internet browsers are one of the most targeted pieces of software for exploitation," said Miller in a blog post.

The fix, which targets IE versions 6, 7, 8 and 9, takes care of five privately reported issues that could lead to an attacker gaining the access rights of an unsuspecting user. Unlike the Windows Common Controls fix, the five IE vulnerabilities haven't been seen in the wild as of yet. However, Microsoft warns that successful attacks will likely appear in the next 30 days.

The third critical entry, bulletin MS12-024, takes care of a vulnerability in all versions of Windows that "could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system," according to Microsoft.

To prevent this from being exploited, the bulletin modifies how Windows Authenticode Signature Verification classifies a portable executable file for use. Also important to note is that this fix will need to be applied by those running the Windows 8 Consumer Preview, as well as the earlier released Windows 8 Developer Preview.
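Since MS12-024 concerns how Windows classifies signed PE files, an administrator reviewing a system before or after patching may want to see which executables on it carry no signature or a signature that does not verify. The following PowerShell snippet is an added example, not code from the article or from Microsoft; it uses the built-in Get-AuthenticodeSignature cmdlet, and the audited folder path is an assumed placeholder.

```powershell
# Added example (not from the article): list PE files under a directory whose
# Authenticode signature is missing or does not verify, so an administrator can
# review what a user or installer would be running on the system.
param(
    # Assumption: the folder to audit; replace with the path you care about.
    [string]$Path = 'C:\Users\Public\Downloads'
)

Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll, *.sys -File |
    ForEach-Object {
        # Get-AuthenticodeSignature returns a Signature object; .Status is one of
        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    } |
    # Keep only files that would not pass signature verification cleanly.
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table -AutoSize
```

A file that shows up as HashMismatch has been modified since it was signed, which is worth a closer look regardless of the patch state; NotSigned entries are merely unsigned and are common for in-house or third-party tools.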

The fourth critical bulletin for the month solves a privately reported flaw in .NET Framework that could lead to a remote code execution attack if a specially crafted Web site is viewed using a browser that can run XAML Browser Applications (XBAPs). Bulletin MS12-025 affects .NET Framework versions running on Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

Finally, Microsoft's security update for April includes two "important" bulletins. The first important bulletin, MS12-026, fixes two holes in Forefront Unified Access Gateway that could lead to an information disclosure attack if an attacker sends a specially crafted query to the UAG server. The second important bulletin, MS12-028, takes care of yet another remote code execution flaw in Microsoft Office and Microsoft Works.

Along with Microsoft's monthly update, it is worth noting that Adobe has released its next security update for both its Acrobat and Reader products, which can be found here.

Microsoft's security updates may require a system restart after installation. More information can be found in Microsoft's Security Bulletin Summary for April 2012.

About the Author

Chris Paoli is the site producer for and
