Microsoft Rains April Patch Showers

WatchGuard Security Center

While not quite as bad as last month’s 14 security bulletins, April’s Patch Day is bursting with updates. According to their summary, Microsoft released 11 security bulletins, some fixing serious issues. Windows administrators should put their heads down, dive in, and get patching.

By the Numbers:

February Microsoft Patch DayToday, Microsoft released 11 security bulletins, fixing a total of 26 security vulnerabilities in many of their products. The affected products include:

  • all current versions of Windows,
  • Internet Explorer (IE),
  • Office,
  • SharePoint Server,
  • the .NET Framework,
  • XML Core Services,
  • and Hyper-V.

They rate four bulletins as Critical and the rest as Important.

Patch Day Highlights:

In my opinion, the HTTP.sys vulnerability is the biggest deal this month. While it doesn’t say so directly, this flaw affects all Microsoft’s IIS web servers. Simply by sending a specially crafted web request, an attacker can take over your web server. I would patch all your public Windows-based IIS servers…

View original post 1,326 more words