Microsoft pushes four critical fixes in April security update

Microsoft has released its April security bulletin, a six-patch update containing four critical fixes and addressing a total of 11 vulnerabilities.

This month’s critical bulletins address various remote code execution vulnerabilities in Microsoft Windows, Internet Explorer and Office. Considered to be the serious vulnerabilities, remote code execution flaws allow for an attacker to install malware on a targeted system without user consent.

Bulletins MS12-023 and MS12-027 address key issues in Internet Explorer and Microsoft Office.

With both programs playing a critical role in day-to-day business operations, experts say IT administrators should make them first priority patches.

"Two that really stand out to me are 023 and 027," McAfee threat intelligence service manager Jim Walters told V3, "the IE bulletin is the highest priority."

The other two non-critical Microsoft patches released today include resolutions for a vulnerability in Microsoft Forefront Unified Access Gateway (UAG) that could allow for information disclosure if an attacker sends a specially made query to the UAG server.

The remaining bulletin addresses a privately reported vulnerability in Microsoft Word that could allow for a remote code execution flaw.

Adobe also released a critical patch for its Acrobat and Reader programs. The patch fixes a vulnerability which could lead to remote code execution and potentially allow an attacker to take control of an affected system.

"Given the popularity of the PDF format in targeted attacks, priority should be placed on this update as well," Walters added.