Microsoft has released its April 2006 security bulletin, which includes five updates: three critical, one important, and one moderate. All versions of Windows are affected by the vulnerabilities addressed in the three critical bulletins. This monthly update covers Windows updates, but two of the updates are specific to Microsoft Office, neither considered by Microsoft to be critical. All of the patches are available via Microsoft Update or via the individual bulletins detailed below. Also see Critical megapatch sews up 10 holes in IE on News.com for more infromation.
Entitled "Cumulative Security Update for Internet Explorer," this security bulletin addresses 10 of the most recent high-profile vulnerabilities affecting the browser, including the CreateTextRange flaw, which is known to have been exploited and used against unpatched systems.
Entitled "Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution," this security bulletin addresses vulnerabilities in this ActiveX control, and it affects all versions of Windows.
Entitled "Vulnerability in Windows Explorer Could Allow Remote Code Execution," this security bulletin addresses a vulnerability that could allow a remote attacker to take control of your PC through this popular file manager. The vulnerability affects all versions of Windows.
Entitled "Cumulative Security Update for Outlook Express," this security bulletin addresses the way this e-mail client handles Windows Address Book files.
Entitled "Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting," this security bulletin addresses a cross-site scripting flaw in FrontPage Web site building software and SharePoint collaboration software and affects only Microsoft FrontPage Server Extensions running on Server 2003, Windows 2000, and Windows XP. Microsoft FrontPage 2002 itself is not affected.