Five of the patches were for bugs in Microsoft's Windows operating system -- four of them are rated critical and one is rated as important. The other patch was for a critical flaw in Microsoft Content Management Server.
April's Patch Tuesday is the first security update since Microsoft skipped its monthly security update in March. However, Microsoft issued an emergency patch last week for an .ANI vulnerability that was being heavily exploited. That emergency patch was reissued in today's security update.
"There are quite a few surprises," said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center. "It's surprising to have such a large list of critical ones. There's usually one or two critical bugs being fixed."
Ullrich also noted in an interview that a few of the areas being patched have been patched before. The first bug to be found in Windows XP was in the Universal Plug and Play capability, which is being patched today. Ullrich also pointed out that there have been several vulnerabilities fixed in Microsoft Agent, which is software designed to make it easier for developers to enhance the user interface of applications and Web pages. Microsoft patched a critical bug in it today, as well.
While Ullrich said these are all different bugs than the others found earlier in these applications, it's curious to see more bugs in software that has already gotten the once -- or twice -- over.
Tuesday's security update includes a patch for a critical bug in CSRSS, a message function in Windows Vista, which could enable remote code execution. The bug does affect other Windows versions, including Windows 2000 and Windows XP, but gained the most attention for affecting the highly touted Windows Vista operating system.
It was the first publicly disclosed bug in Windows Vista. Researchers at Determina reported the bug to Microsoft last December.
"Arbitrary code execution is possible, but requires a great deal of luck, though a denial-of-service is definitely possible," wrote Peter Ferrie, a security response engineer for Symantec, in a blog posted this past January. "Why the fuss? Simply put, successful exploitation of the bug allows even the most restricted user-mode application to elevate its privileges to the System level. From there, the kernel is accessible even on Vista."
The other patches cover a critical flaw in Microsoft Content Management Server that could enable remote code execution; a critical vulnerability in the Universal Plug and Play that could enable remote code execution; and a critical flaw in Microsoft Agent that could enable remote code execution.
The vulnerability rated important is in the Windows Kernel. The bug enables an elevation of privilege.
Symantec's Security Response Team rates the Microsoft Agent vulnerability to be the most critical of today's security bulletins since a successful exploit could allow an attacker to install malicious code and gain complete control of the affected system.
The patches can be automatically updated or users can go to this Web site to download them manually.