Microsoft issued a critical patch for two vulnerabilities in the core graphics subsystem of Windows. One of eight fixes released Tuesday as part of its monthly security updates.
Microsoft released a total of five critical patches in its April security bulletin. Two of them fix bugs in Windows, two fix bugs in Windows and Internet Explorer (IE), and one fixes a vulnerability in Microsoft Office. The critical rating means an attacker could potentially exploit the flaws to hack into a victim’s computer.
The other patches fix vulnerabilities in Windows and Office and were rated “important.” Microsoft releases patches on the second Tuesday of every month, which has become known in the industry as “Patch Tuesday.”
* MS08-018, fixes for vulnerabilities in Microsoft Office
* MS08-021 fixes two vulnerabilities in Windows’ graphics device interface (GDI)
* MS08-022 patches vulnerability in VBScript and JScript scripting engines
* MS08-024 patches a vulnerability found in all versions of IE
* MS08-023 fixes an ActiveX vulnerability that affects both Windows and Internet Explorer.
[ad#add-top-in]
In Sarwate’s opinion, MS08-021, MS08-022 and MS08-023 are especially important for users because they affect all versions of Windows, even if no other software is installed on the machine.