Microsoft issues five patches, one affecting Vista

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

Microsoft has released its April 2007 security bulletin, which includes five updates: four are listed as critical, and one is listed as important. Four of the patches affect Microsoft Windows, with one critical patch also affecting Windows Vista. One of the patches affects Microsoft Content Management Server. None of this month's patches affects Microsoft Office. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-018: Critical
Entitled "Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)," this bulletin affects users of Microsoft Content Management Server 2001 and 2002, and addresses the vulnerabilities detailed in CVE-2007-0938 and CVE-2007-0939. Successful exploitation could lead to remote code execution.

MS07-019: Critical
Entitled "Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)," this bulletin affects users of Microsoft Windows XP Service Pack 2 and x64, but does not affect Windows 2000 SP4, Windows Server 2003, or Windows Vista, and addresses the vulnerability detailed in CVE-2007-1204. Successful exploitation could lead to remote code execution.

MS07-020: Critical
Entitled "Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2 and x64), and Windows Server 2003 (SP1 and x64), but does not affect Windows Vista, and addresses the vulnerability detailed in CVE-2007-1215. Successful exploitation could lead to remote code execution.

MS07-021: Critical
Entitled "Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2 and x64), Windows Server 2003 (SP1 and x64), and Windows Vista, and addresses the vulnerabilities detailed in CVE-2006-6696, CVE-2006-6797, and CVE-2007-1209. Successful exploitation could lead to remote code execution.

MS07-022: Important
Entitled "Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2), and Windows Server 2003 (SP1), but not Windows XP x64, Windows Server 2003 x64, or Windows Vista, and addresses the vulnerability detailed in CVE-2007-1206. Successful exploitation could lead to remote code execution.