April '10 Patch Tuesday Detailed

Article by George Norman (Cybersecurity Editor)

on 14 Apr 2010

On Tuesday, the 13th of April, Redmond-based software giant Microsoft rolled out a total of 11 security bulletins. Until now all we knew is that the 11 security bulletins address a total of 25 vulnerabilities that plague the Windows operating system, the Microsoft Office productivity suite, and the collaborative application product Microsoft Exchange.

Microsoft has now released additional details about these 11 security bulletins. Out of them 5 are rated as critical, 5 are rated as important, and one is rated as moderate. Check it out the details on these 11 security bulletins below.

Title: Vulnerabilities in Windows Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Most likely attack vector: Victim double-clicks a malicious EXE or allows malicious content to run because content claims to be signed by a trusted publisher.
Description: Two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected software: Microsoft Windows
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for Itanium-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
Title: Vulnerabilities in SMB Client Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Most likely attack vector: Attacker hosts malicious SMB server within enterprise network. Attacker lures victim to click on a link that causes victim to initiate an SMB connection to the malicious SMB server.
Description: One publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
Affected software: Microsoft Windows
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for Itanium-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
Title: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Most likely attack vector: If a victim Windows 2000 machine has enabled Windows Media Services, an attacker can send network-based attack over port 1755 (TCP or UDP).
Description: A privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
Affected software: Microsoft Windows
  • Microsoft Windows 2000 Server Service Pack 4
Title: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Most likely attack vector: Victim browses to a malicious webpage or opens a malicious AVI movie.
Description: A privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Affected software: Microsoft Windows
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows XP Professional x64 Edition Service Pack 2
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution
Rating: Critical (remote code execution)
Most likely attack vector: Victim browses to a malicious webpage.
Description: A privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Affected software: Microsoft Windows
  • Windows Media Player 9 Series (Microsoft Windows 2000 Service Pack 4)
  • Windows Media Player 9 Series (Windows XP Service Pack 2)
  • Windows Media Player 9 Series (Windows XP Service Pack 3)
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Rating: Important (elevation of privilege)
Most likely attack vector: Attacker able to run code locally on a machine exploits a vulnerability to run code at a higher privilege level.
Description: Several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Affected software: Microsoft Windows
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for Itanium-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows XP Professional x64 Edition Service Pack 2
Title: Vulnerability in VBScript Could Allow Remote Code Execution
Rating: Important (remote code execution)
Most likely attack vector: Victim browses to a malicious webpage and is tricked into clicking F1 on a VBScript messagebox.
Description: A publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker.
Affected software: Microsoft Windows
  • VBScript 5.1 (Microsoft Windows 2000 Service Pack 4)
  • VBScript 5.6 (Microsoft Windows 2000 Service Pack 4)
  • VBScript 5.6 (Windows Server 2003 Service Pack 2)
  • VBScript 5.6 (Windows Server 2003 with SP2 for Itanium-based Systems)
  • VBScript 5.6 (Windows Server 2003 x64 Edition Service Pack 2)
  • VBScript 5.6 (Windows XP Professional x64 Edition Service Pack 2)
  • VBScript 5.6 (Windows XP Service Pack 2 and Windows XP Service Pack 3)
  • VBScript 5.6 (Windows XP Service Pack 2)
  • VBScript 5.7 (Microsoft Windows 2000 Service Pack 4)
  • VBScript 5.7 (Windows Server 2003 Service Pack 2)
  • VBScript 5.7 (Windows Server 2003 with SP2 for Itanium-based Systems)
  • VBScript 5.7 (Windows Server 2003 x64 Edition Service Pack 2)
  • VBScript 5.7 (Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2)
  • VBScript 5.7 (Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2)
  • VBScript 5.7 (Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2)
  • VBScript 5.7 (Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2)
  • VBScript 5.7 (Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2)
  • VBScript 5.7 (Windows XP Professional x64 Edition Service Pack 2)
  • VBScript 5.8 (Windows 7 for 32-bit Systems)
  • VBScript 5.8 (Windows 7 for x64-based Systems)
  • VBScript 5.8 (Windows Server 2003 Service Pack 2)
  • VBScript 5.8 (Windows Server 2003 x64 Edition Service Pack 2)
  • VBScript 5.8 (Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2)
  • VBScript 5.8 (Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2)
  • VBScript 5.8 (Windows Server 2008 R2 for Itanium-based Systems)
  • VBScript 5.8 (Windows Server 2008 R2 for x64-based Systems)
  • VBScript 5.8 (Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2)
  • VBScript 5.8 (Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2)
  • VBScript 5.8 (Windows XP Professional x64 Edition Service Pack 2)
  • VBScript 5.8 (Windows XP Service Pack 2 and Windows XP Service Pack 3)
Title: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution
Rating: Important (remote code execution)
Most likely attack vector: Victim opens malicious .PUB file.
Description: A privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Affected software: Microsoft Office
  • Microsoft Office Publisher 2002 Service Pack 3 (Microsoft Office XP Service Pack 3)
  • Microsoft Office Publisher 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
  • Microsoft Office Publisher 2007 Service Pack 1 (2007 Microsoft Office System Service Pack 1)
  • Microsoft Office Publisher 2007 Service Pack 2 (2007 Microsoft Office System Service Pack 2)
Title: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service
Rating: Important (denial of service)
Most likely attack vector: Attacker causes SMTP Service running on 64-bit Windows Server 2003 to crash by initiating a DNS lookup handled by a malicious DNS server.
Description: One publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service.
Affected software: Microsoft Windows and Microsoft Exchange
  • Microsoft Exchange Server 2000 Service Pack 3
  • Microsoft Exchange Server 2003 Service Pack 2
  • Microsoft Exchange Server 2007 Service Pack 1 for x64-based Systems
  • Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
  • Microsoft Exchange Server 2010 for x64-based Systems
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems
  • Windows XP Professional x64 Edition Service Pack 2
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution
Rating: Important (remote code execution)
Most likely attack vector: Victim opens malicious .VSD file.
Description: Two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.
Affected software: Microsoft Office
  • Microsoft Office Visio 2002 Service Pack 2
  • Microsoft Office Visio 2003 Service Pack 3
  • Microsoft Office Visio 2007 Service Pack 1
  • Microsoft Office Visio 2007 Service Pack 2
Title: Vulnerability in Windows ISATAP Component Could Allow Spoofing
Rating: Moderate (spoofing)
Most likely attack vector: Attacker spoofs own source address by encapsulating iPv6 attack packet inside IPv4 wrapper. This may allow attacker to reach IPv6 destination that otherwise would be blocked.
Description: One privately reported vulnerability in Microsoft Windows. This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address. The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.
Affected software: Microsoft Windows
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3

The Microsoft Security Response Center (MSRC) has provided these visual representations of the April 2010 Patch Tuesday update.










Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all